
Malware's Most Wanted: The Many Faces of Malware


The Many Faces of Malware

@belogor

Your speakers today

Nick Bilogorskiy (@belogor), Director of Security Research

Shel Sharma, Product Marketing Director

Agenda

o Fake Antivirus
o Ransomware
o APTs
o Adware
o Web Exploits
o Wrap-up and Q&A

Cyphort Labs T-shirt

Threat Monitoring & Research team

o 24X7 monitoring for malware events
o Assist customers with their Forensics and Incident Response

We enhance malware detection accuracy

o False positives/negatives
o Deep-dive research

We work with the security ecosystem

o Contribute to and learn from malware KB
o Best of 3rd Party threat data

FAKE ANTIVIRUS

Fake Antivirus timeline

2005 2008 2009 2010 2011 2012 2013 2014

Timeline labels: WinFixer, Antivirus XP 2008, XP Antivirus 2008, Mac Defender, PC Optimizer Pro

Affiliate Username   Account Balance (USD)
nenastniy            $158,568.86
krab                 $105,955.76
rstwm                $95,021.16
newforis             $93,260.64
slyers               $85,220.22
ultra                $82,174.54
cosma2k              $78,824.88
dp322                $75,631.26
iamthevip            $61,552.63
dp32                 $58,160.20

2011 - Mac Defender

o Pavel Vrublevsky Sentenced to 2.5 Years

2015 Adware PcOptimizerPro

o PcOptimizerPro shows fake alerts about performance problems

o Fixing them is only possible with the commercial version

o Offers the user an upgrade to buy

PC Optimizer Pro

RANSOMWARE

Ransomware History

2005 - PGPCoder Trojan – 1024-bit RSA key, collects money via EGOLD

2009 - Bitcoin was invented by Satoshi Nakamoto

2012 - Reveton Trojan, aka Police Trojan, collects money via MoneyPak

2013 - Bitcoin becomes popular, CryptoLocker appears

2014 - CryptoWall, TeslaCrypt

TeslaCrypt

Kovter

CryptoWall

CryptoWall 3.0 example

Lockers

Koobface solves CAPTCHAs

ADVANCED PERSISTENT THREAT

DarkSeoul

o DarkSeoul, a hacking group with suspected links to North Korea, performed a delayed wipe on 32,000 systems at South Korean banks and media companies

o Credit claimed by Whois

Sony Wiper

DarkComet RAT

BlackShades RAT Trojan

BlackEnergy/Sandworm

o CVE-2014-4114

o “complete list of Members of Parliament”

Asprox/Kuluoz

ADWARE

Groovorio Spyware

SafeSear.ch Adware

Browser Hijacker BrowseIgnite

OSX – Genieo

o MD5: 11f085fdfca46a4b446760a0e68dc2c3

o Browser Hijacker

Outbrowse

Hack Tools

EXPLOITS

Web Exploits running

Summary

o Most malware runs silently
o Some malware uses GUI for monetization
o Error windows are very common in malware output, both real and fake
o APTs display fake documents for misdirection

Thank You!

Twitter: @belogor

Previous MMW slides on

http://cyphort.com/labs/malwares-wanted/