From viruses to theft Joakim von Braun Security Consultants Uppsala universitet 2006-10-03
Joakim von Braun • Born 1955 • B.A. in Political Sciences • Professional work in security for 35 years • Advisor and consultant to SÄPO for 25 years • Work for Military Intelligence • Timbro 1979 - 1988 • Private business during 13 years • Security advisor Symantec 2001 - 2005 • Consultant and advisor • Professional speaker • Journalist and writer
Crime on the Internet
Today's changing threats • Variables • Threat posture 2006-2007 • Botnets – spam and blackmail • Phishing • Crimeware
Knowledge?
Vulnerabilities easy to use
Threat posture 2006 • From 450 to 10.800 new threats in three years • The difference between worm and trojan is gone • Huge increase of botnets (Zombie networks) • Botnets with more than 100.000 computers • 1.000 new botnet worms every month • 4.000 new vulnerabilities • 6 days to patch an exploit • Hackers and coders are working for money!!!
Botnets can be rented
Money is everything • Botnets can be rented for 6, 24 hours or a week • Botnets are used to propagate Spam • Botnets are used for DoS attacks + blackmail • More than 20.000 Phishing attacks per month • Crimeware has increased from 20 to 6.500 in 3,5 years • A new unknown trojan can be bought for 1.000 kronor
75 new worms per day!!!
More botnets
Blackmail more common
Phishing • HTML formatted e-mail sent to bank customers • A URL points to the bank homepage • The homepage is a copy of the original • Homepages are hidden on hacked computers • Customers reveal important economic data • USA, UK and Australia the first targets • 350 % increase during 2004 • Swedish customers of US companies targeted • Eurocard in Sweden first, 22/11 2004 • At least 7 Swedish attacks during 2005
November 2003
November 2005
Obfuscated Web addresses
Vulnerability in Internet Explorer • Visible link: https://cgi1.ebay.com/aw-cgi/ebay.ISAPI.dll? • Called link: http://cgi1.ebay.com.awcgiebay.ISAPI.dll%00@210.93.131.250/my/index.htm • Website: http://210.93.131.250/my/index.htm
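In the called link above, everything before the @ is URL userinfo, so the request goes to the IP address that follows it. The check below is an added example, not part of the original slides: it compares a link's visible text with its real target, and the function name and finding labels are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# The two links from the slide above.
SAMPLE_VISIBLE = "https://cgi1.ebay.com/aw-cgi/ebay.ISAPI.dll?"
SAMPLE_HREF = ("http://cgi1.ebay.com.awcgiebay.ISAPI.dll%00"
               "@210.93.131.250/my/index.htm")


def inspect_link(visible: str, href: str) -> dict:
    """Compare the URL shown to the user with the URL actually requested."""
    shown, real = urlsplit(visible), urlsplit(href)
    host = real.hostname or ""          # the part after the last '@'
    findings = []

    # Userinfo is the part of the authority before '@'; it is never the host.
    userinfo = real.netloc.rsplit("@", 1)[0] if "@" in real.netloc else ""
    if userinfo:
        findings.append("userinfo-before-host")
        decoded = unquote(userinfo)
        # Encoded control characters (such as %00) have no place in userinfo.
        if any(ord(c) < 0x20 for c in decoded):
            findings.append("control-char-in-userinfo")
        # A dotted "user name" is dressed up to read like a hostname.
        if "." in decoded.split(":")[0]:
            findings.append("userinfo-looks-like-hostname")

    try:
        ipaddress.ip_address(host)
        findings.append("raw-ip-host")
    except ValueError:
        pass

    if shown.hostname and shown.hostname.lower() != host.lower():
        findings.append("visible-host-mismatch")
    if shown.scheme == "https" and real.scheme != "https":
        findings.append("scheme-downgrade")

    return {"shown_host": shown.hostname, "real_host": host,
            "findings": findings}


if __name__ == "__main__":
    print(inspect_link(SAMPLE_VISIBLE, SAMPLE_HREF))
```

A mail gateway or proxy could run such a check on each anchor's text and href pair and quarantine messages that produce any finding.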
AOL Billing Center
AOL Billing Center
Hacked once again
Infected computers used – port 4444
Dramatic increase of malicious code
Worms and trojans steal information
Crimeware targets bank and CC customers • Increase from 20 to 6.500 trojans in 3,5 years • Brazil, Australia, USA and UK mostly targeted • Germany and Scandinavia are next • Remote Access and Keylogging • Kills AV and personal firewalls • Logs everything in certain open windows • Sniffs encrypted HTTPS traffic
Trojan Stawin
Trojan Bizex
Questions Joakim von Braun Security Consultants joakim.von_braun@bredband.net 0709-56 16 42 (cell) 08-649 19 69 (home) 08-659 54 78 (fax)