black market botnets black market botnets
play

Black Market Botnets Black Market Botnets Nathan Friess Friess - PowerPoint PPT Presentation

Aug 18, 2022 •332 likes •570 views

Black Market Botnets Black Market Botnets Nathan Friess Friess Nathan John Aycock Aycock John Ryan Vogt Ryan Vogt Department of Computer Science Department of Computer Science University of Calgary University of Calgary Canada Canada

  1. Black Market Botnets Black Market Botnets Nathan Friess Friess Nathan John Aycock Aycock John Ryan Vogt Ryan Vogt Department of Computer Science Department of Computer Science University of Calgary University of Calgary Canada Canada

  2. Botnets: Current Scenario : Current Scenario Botnets � Infect computers Infect computers � � Spam attachments/links, drive Spam attachments/links, drive- -by downloads by downloads � � Control victim Control victim � � Spam Spam botnets botnets � � Gather data Gather data � � Key loggers, monitor network traffic Key loggers, monitor network traffic �

  3. “Interesting Interesting” ” Data Data “ � Identity: Passwords, PINs, SSN Identity: Passwords, PINs, SSN � � Financial: Credit Cards, Tax Returns Financial: Credit Cards, Tax Returns � � Corporate Secrets Corporate Secrets � � Design Documentation, Schematics Design Documentation, Schematics � � Financial Reports Financial Reports � � Personal Secrets Personal Secrets � � Latest gossip on celebrities Latest gossip on celebrities � � Illegal Files, Terrorist Plans Illegal Files, Terrorist Plans �

  4. Our Prediction Our Prediction � More types of data will be stolen and used More types of data will be stolen and used � for profit for profit

  5. Our Prediction Our Prediction � More types of data will be stolen and used More types of data will be stolen and used � for profit for profit

  6. The Business Case The Business Case Passwords Credit Cards Volume Celebrity Secrets Trade Secrets Love Letters ??? Available Data

  7. Gozi: A First Step : A First Step Gozi � February 2007 February 2007 � � Monitor HTTP POST requests (even SSL) Monitor HTTP POST requests (even SSL) � � Upload POST data to central server Upload POST data to central server � � Customers search for data (based on web Customers search for data (based on web � site, form fields, etc.) and pay to download site, form fields, etc.) and pay to download � Doesn Doesn’ ’t upload local files t upload local files � � Limited searching capabilities Limited searching capabilities �

  8. Black Market Botnets Black Market Botnets ��������� ������ ���������

  9. Black Market Botnets Black Market Botnets ��������� ������ ������ ��������� Basic Architecture

  10. Black Market Botnets Black Market Botnets ��������� ������ ������ ������ ��������� ������ Basic Architecture

  11. Black Market Botnets Black Market Botnets ��������� “Bunnies” ������ ������ ������ ��������� ������ Basic Architecture

  12. Black Market Botnets Black Market Botnets ��������� ������ ������ ������ ��������� ������ Basic Architecture

  13. Black Market Botnets Black Market Botnets ��������� ������ ������ ��������� Advanced Architecture

  14. Black Market Botnets Black Market Botnets ��������� ������� ������ ������� ������ ��������� Advanced Architecture

  15. Black Market Botnets Black Market Botnets ��������� ������� ������ ������� ������ ��������� Advanced Architecture

  16. Black Market Botnets Black Market Botnets ��������� ������� ������ ������� ������ ��������� Advanced Architecture

  17. Interesting Document Interesting Document Indicators Indicators � Document Types: .TAX Document Types: .TAX � � Financial Data: Spreadsheets Financial Data: Spreadsheets � � Specific Vocabulary: Specific Vocabulary: � Technical Terms, Poetry Technical Terms, Poetry � Activity: Recently Edited, Viewed Activity: Recently Edited, Viewed �

  18. Auction Infrastructure Auction Infrastructure � eBay eBay � � Hide document fragments Hide document fragments � using steganography steganography using � Legitimate cover for fund Legitimate cover for fund � transfer transfer � Don Don’ ’t really need to ship a physical product t really need to ship a physical product � � Existing model: drug trafficking Existing model: drug trafficking �

  19. Additional Markets Additional Markets � Victims pay Victims pay botmaster botmaster to not publish to not publish � documents: Bidding Wars documents: Bidding Wars � Pre Pre- -seed seed botnet botnet with customer queries with customer queries � � Allow customers to write scripts to search Allow customers to write scripts to search � for specific data for specific data

  20. Defenses Defenses � Avoid being infected Avoid being infected � � Limit document exposure Limit document exposure � � Keep archived files offline Keep archived files offline � � Hide documents using Hide documents using steganography steganography �

  21. Defenses Defenses � Digital Rights Management Digital Rights Management � � Investigate leaks Investigate leaks � � Fingerprint documents, trace back to Fingerprint documents, trace back to � infected computer infected computer � Follow money trail, trace back to Follow money trail, trace back to botmaster botmaster � � Actively attack document gathering Actively attack document gathering � � Insert useless documents into Insert useless documents into botnet botnet �

  22. Conclusions Conclusions � Valuable data is available in Valuable data is available in botnets botnets � � It is already possible to connect data and It is already possible to connect data and � customers customers � A black market for data can exist, even if A black market for data can exist, even if � botmasters don don’ ’t know what is in demand t know what is in demand botmasters

  23. Black Market Botnets Black Market Botnets Nathan Friess Friess Nathan John Aycock Aycock John Ryan Vogt Ryan Vogt Department of Computer Science Department of Computer Science University of Calgary University of Calgary Canada Canada

Recommend

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr

BotNets BotNets- Cybe Cyber T r Torrirism orrirism Ba Batt ttling ling th the t e thr hrea eats ts of inte of intern rnet et Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets?

722 views • 35 slides
Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive

Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive

Botnets CS 598: Advanced Internet Presented by: Imranul Hoque How to Study Botnets? Passive analysis Study spam e-mail, DNS queries by bot-infected machines, DNS blacklists, analyze network traffic, etc. Infiltration Todays

686 views • 15 slides
NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec Project:

NECST laboratory BOTNETS FUNDING ETC. . @syssecproject SysSec Project:

PHOENIX & CERBERUS We haz botnets! #Honeynet2014 Stefano Schiavoni, Edoardo Colombo Federico Maggi Lorenzo Cavallaro Stefano Zanero Politecnico Di Milano & Royal Hollway, University of London NECST laboratory BOTNETS FUNDING ETC.

1.28k views • 107 slides
BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines

BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines

BOTNETS GRAD SEC NOV 21 2017 TODAYS PAPERS BOTNETS Collection of compromised machines (bots) under unified control of an attacker (botmaster) Method of compromise decoupled from method of control Launch a worm/virus, etc.:

790 views • 16 slides
Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic

Detecting Botnets with Temporal Persistence Jaideep Chandrashekar Frederic Giroire Nina Taft Eve Schooler Mascotte project I3S (CNRS, Univ. of Nice) Intel Labs INRIA Sophia Antipolis Botnets: Why care? Botnet

888 views • 46 slides
Growth and Scalability Joe Black "product/market fit means being in a good market with a

Growth and Scalability Joe Black "product/market fit means being in a good market with a

Growth and Scalability Joe Black "product/market fit means being in a good market with a Product that can satisfy that market" -Marc Andreesen Andreessen has always been a multi-stage investment firm, but really the opportunity

454 views • 10 slides
Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

Studying Spamming Botnets Using BotLab Arvind Krishnamurthy Joint work with: John John, Alex Moshchuk, Steve Gribble University of Washington Botnets: a Growing Threat Increasing awareness, but there is a dearth of hard facts especially

291 views • 15 slides
Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats

Bot BotNets Nets- Cy Cyber ber To Torr rriris irism Battling Battling the the threats threats of of interne internet Assoc. Prof. Dr. Sureswaran Ramadass National Advanced IPv6 Center - Director Why Talk About Botnets? Because Bot

379 views • 27 slides
The Cross-Market Spillover of Shocks through Multi-Market Banks Jose Berrospide, Lamont Black and

The Cross-Market Spillover of Shocks through Multi-Market Banks Jose Berrospide, Lamont Black and

The Cross-Market Spillover of Shocks through Multi-Market Banks Jose Berrospide, Lamont Black and William Keeton Federal Reserve Board and FRB of Kansas City Bocconi University Symposium October 10, 2011 The views expressed do not necessarily

722 views • 26 slides
the global market challenges Sergey Feofilov UkrAgroConsult 16 Th International Black Sea Grain

the global market challenges Sergey Feofilov UkrAgroConsult 16 Th International Black Sea Grain

Black Sea region facing the global market challenges Sergey Feofilov UkrAgroConsult 16 Th International Black Sea Grain Conference April 10-11, 2019 yiv Disclaimer Past performance is no guarantee of future results. The opinions

399 views • 36 slides
ON THE AFRICAN AMERICAN/BLACK MARKET Natalie Kates Antonieta Echezura Fernando Rodriguez

ON THE AFRICAN AMERICAN/BLACK MARKET Natalie Kates Antonieta Echezura Fernando Rodriguez

ON THE AFRICAN AMERICAN/BLACK MARKET Natalie Kates Antonieta Echezura Fernando Rodriguez Defining the African American/Black Market The U.S. Census defines African Americans/Blacks as people who have origins in, or are descendents from,

371 views • 19 slides
Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur

Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur

Botnets Secret Puppetry With Computers Balaji Prasad T.K ( bpt@email.arizona.edu ) Nupur Maheshwari ( nupurm@email.arizona.edu ) Department of Computer Science University of Arizona April 22, 2012 What are Botnets? 1 Technical Overview 2

895 views • 37 slides
Spamming Botnets: Signatures and Characteris5cs Xie et al.

Spamming Botnets: Signatures and Characteris5cs Xie et al.

Spamming Botnets: Signatures and Characteris5cs Xie et al. Presented by Kyle Mar5n <kyle.mar5n@knights.ucf.edu> The Problems Botnets The Problems

823 views • 36 slides
RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+,

RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+,

INSIGHT INTO RUSSIAN BLACK MARKET sh-3.2# whoami Alan Kakareka, CISSP, GSNA, GSEC, CEH, MCP, MCDST, Net+, Sec+ MS MIS @FIU CTO and founder of Demyo, Inc. Demyo, Inc. AND I ENJOY GREEN LETTERS ON BLACK BACKGROUND Demyo, Inc. WHAT

646 views • 32 slides
Botnets Some slides taken from David Choffnes, Northeastern

Botnets Some slides taken from David Choffnes, Northeastern

Botnets Some slides taken from David Choffnes, Northeastern https://www.justice.gov/usao-cdca/pr/justice-department- announces-court-authorized-efforts-map-and-disrupt-botnet- used-north

707 views • 32 slides
Effective features for detecting Effective features for detecting IRC botnets IRC botnets

Effective features for detecting Effective features for detecting IRC botnets IRC botnets

Effective features for detecting Effective features for detecting IRC botnets IRC botnets Claudio Mazzariello, Carlo Sansone Carlo Sansone Claudio Mazzariello, Dipartimento di Informatica e Sistemistica Dipartimento di Informatica e

614 views • 19 slides
Labor Market Integration of First and Second Generation Black Immigrants in Israel and the United

Labor Market Integration of First and Second Generation Black Immigrants in Israel and the United

Labor Market Integration of First and Second Generation Black Immigrants in Israel and the United States Extended Abstract Work in Progress Ameed Saabneh, University of Haifa Rebbeca Tesfai, Temple University Introduction The question of

414 views • 19 slides
Botnets A collection of compromised machines Under control of a single person Organized

Botnets A collection of compromised machines Under control of a single person Organized

Botnets A collection of compromised machines Under control of a single person Organized using distributed system techniques Used to perform various forms of attacks Usually those requiring lots of power Lecture 12 Page 1 CS

753 views • 16 slides
Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

CSE 484 / CSE M 584: Computer Security and Privacy Malware: Viruses, Worms, Rootkits, Botnets Spring 2015 Franziska (Franzi) Roesner

403 views • 37 slides
Making the Most of the Sludge Market: a water company perspective Simon Black Head of Recycling

Making the Most of the Sludge Market: a water company perspective Simon Black Head of Recycling

Making the Most of the Sludge Market: a water company perspective Simon Black Head of Recycling & Environmental Services - Anglian Water Director Assured Biosolids N L I N C O L N S H I R E CHP Pyewipe Scunthorpe B Grimsby Newton

454 views • 14 slides
AN INSIDE LOOK AT Rationale BOTNETS Codebase Analysis (Agobot, SDBot, SpyBot, GT Bot)

AN INSIDE LOOK AT Rationale BOTNETS Codebase Analysis (Agobot, SDBot, SpyBot, GT Bot)

Table of Contents AN INSIDE LOOK AT Rationale BOTNETS Codebase Analysis (Agobot, SDBot, SpyBot, GT Bot) Architecture Paul Barford and Vinod Yagneswaran Remote Control Mechanisms Host Control Propagation Exploits and

158 views • 4 slides
Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 16,

445 views • 19 slides
Presentation: Scalable Detection of Botnets Based on DGA Presentation June 2019 DOI:

Presentation: Scalable Detection of Botnets Based on DGA Presentation June 2019 DOI:

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/333652427 Presentation: Scalable Detection of Botnets Based on DGA Presentation June 2019 DOI: 10.13140/RG.2.2.24134.32322 CITATIONS

561 views • 20 slides
15% > Black market fueling credential theft Quantifying risk of account takeover Protecting

15% > Black market fueling credential theft Quantifying risk of account takeover Protecting

15% > Black market fueling credential theft Quantifying risk of account takeover Protecting users 1.9B Credentials exposed 12M Estimated credentials **************************************************** Operating System Intel Recovery

1.04k views • 36 slides

More recommend