the underground economy and ecosystem of sms based
play

The Underground Economy and Ecosystem of SMS Based Cybercrime Denis - PowerPoint PPT Presentation

Nov 12, 2023 •620 likes •1.39k views

The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware Analyst, Kaspersky Lab 15.06.2011, 23 rd Annual FIRST Conference, Vienna, Austria Agenda SMS based threats Ransomware SMS Trojans The

  1. The Underground Economy and Ecosystem of SMS Based Cybercrime Denis Maslennikov, Senior Malware Analyst, Kaspersky Lab 15.06.2011, 23 rd Annual FIRST Conference, Vienna, Austria

  2. Agenda SMS based threats • Ransomware • SMS Trojans The ecosystem Underground economy Threats round the globe What should we do? 23 rd Annual FIRST Conference PAGE 2 | | June 15, 2011

  3. Lottery 23 rd Annual FIRST Conference PAGE 3 | | June 15, 2011

  4. How much have users lost? 23 rd Annual FIRST Conference PAGE 4 | | June 15, 2011

  5. Ransomware

  6. Ransomware In a nutshell 23 rd Annual FIRST Conference PAGE 6 | | June 15, 2011

  7. Ransomware In a nutshell 23 rd Annual FIRST Conference PAGE 7 | | June 15, 2011

  8. Ransomware Variety 23 rd Annual FIRST Conference PAGE 8 | | June 15, 2011

  9. Ransomware Variety 23 rd Annual FIRST Conference PAGE 9 | | June 15, 2011

  10. Ransomware Variety 23 rd Annual FIRST Conference PAGE 10 | | June 15, 2011

  11. Ransomware Variety 23 rd Annual FIRST Conference PAGE 11 | | June 15, 2011

  12. Ransomware Variety 23 rd Annual FIRST Conference PAGE 12 | | June 15, 2011

  13. Ransomware Variety 23 rd Annual FIRST Conference PAGE 13 | | June 15, 2011

  14. Ransomware Variety 23 rd Annual FIRST Conference PAGE 14 | | June 15, 2011

  15. Ransomware Variety 23 rd Annual FIRST Conference PAGE 15 | | June 15, 2011

  16. Psychological tricks Legal prosecution threats Data corruption threats Malware infection (!) threats Annoying pop-ups 23 rd Annual FIRST Conference PAGE 16 | | June 15, 2011

  17. What do they want? 23 rd Annual FIRST Conference PAGE 17 | | June 15, 2011

  18. Deblocker 23 rd Annual FIRST Conference PAGE 18 | | June 15, 2011

  19. Deblocker 23 rd Annual FIRST Conference PAGE 19 | | June 15, 2011

  20. Deblocker service statistics Launch: January 2010 Current state: • More than 5,100,000 unique visitors • More than 19,500,000 requests • ~60,000 unique visitors per day • ~230,000 requests per day Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 20 | | June 15, 2011

  21. SMS Trojans

  22. SMS Trojans In a nutshell 23 rd Annual FIRST Conference PAGE 22 | | June 15, 2011

  23. Statistics Number of modifications per year 345 336 350 300 250 212 200 150 116 100 50 11 3 0 2006 2007 2008 2009 2010 2011 Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 23 | | June 15, 2011

  24. Statistics Platform distribution 8% 3% 5% Symbian Windows Mobile Android J2ME 84% Source: Kaspersky Lab 23 rd Annual FIRST Conference PAGE 24 | | June 15, 2011

  25. Primitive: Trojan-SMS.J2ME.Konov One of the first widespread SMS Trojans: • Small (1,5 – 8 kB) • No encryption • No social engineering tricks 23 rd Annual FIRST Conference PAGE 25 | | June 15, 2011

  26. Advanced: Trojan-SMS.J2ME.VScreener ‘Faulty’ video player Must be ‘tuned’ by user • Quick left soft key pressing SMS are sent during ‘tuning’ Premium rate number and SMS text are stored in ‘ load.bin ’ file File ‘ load.bin ’ is encoded with ADD and ‘0xA’ key 23 rd Annual FIRST Conference PAGE 26 | | June 15, 2011

  27. ‘Video player’ Again 23 rd Annual FIRST Conference PAGE 27 | | June 15, 2011

  28. ‘Video player’ Again 23 rd Annual FIRST Conference PAGE 28 | | June 15, 2011

  29. SEO and mobile malware 23 rd Annual FIRST Conference PAGE 29 | | June 15, 2011

  30. SEO and mobile malware Blonde porn download 23 rd Annual FIRST Conference PAGE 30 | | June 15, 2011

  31. The ecosystem The root of all evil

  32. Trojan-SMS.J2ME.Konov 23 rd Annual FIRST Conference PAGE 32 | | June 15, 2011

  33. Trojan-SMS.J2ME.Konov $10 or $6 per SMS Mobile operator 23 rd Annual FIRST Conference PAGE 33 | | June 15, 2011

  34. Trojan-SMS.J2ME.Konov Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 34 | | June 15, 2011

  35. Trojan-SMS.J2ME.Konov Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 35 | | June 15, 2011

  36. Trojan-SMS.J2ME.Konov ‘ epbox 1290’ on Subtenant with ID 1290 4460 & 5537 ‘ epbox ’ ‘ epbox ’ on 4460 renter & 5537 Mobile 4460 Content operator 5537 provider 23 rd Annual FIRST Conference PAGE 36 | | June 15, 2011

  37. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ renter ‘ epbox 1290’ subtenant 23 rd Annual FIRST Conference PAGE 37 | | June 15, 2011

  38. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ Affiliate network renter owner(s) Affiliate A ‘ epbox 1290’ subtenant 23 rd Annual FIRST Conference PAGE 38 | | June 15, 2011

  39. Who are ‘ epbox ’ and ‘ epbox 1290’ ‘ epbox ’ Affiliate network renter owner(s) Affiliate A Affiliate B Affiliate C ‘ epbox 1290’ ‘ epbox M’ ‘ epbox N’ subtenant subtenant subtenant 23 rd Annual FIRST Conference PAGE 39 | | June 15, 2011

  40. The root of all evil Affiliate network registration form 23 rd Annual FIRST Conference PAGE 40 | | June 15, 2011

  41. The root of all evil Affiliate network registration form Name Email Website URL Website name WMZ and WMR ICQ (optional) 23 rd Annual FIRST Conference PAGE 41 | | June 15, 2011

  42. The root of all evil Affiliate network registration form No sensitive data! Name Email Website URL Affiliate ID ‘ epbox 1290’ Website name WMZ and WMR ICQ (optional) 23 rd Annual FIRST Conference PAGE 42 | | June 15, 2011

  43. Typical affiliate website 23 rd Annual FIRST Conference PAGE 43 | | June 15, 2011

  44. Typical affiliate website 23 rd Annual FIRST Conference PAGE 44 | | June 15, 2011

  45. Typical affiliate website Referrer check Remote server Affiliate ID 23 rd Annual FIRST Conference PAGE 45 | | June 15, 2011

  46. Typical affiliate website Referrer check Remote server Affiliate ID JAR constructor SMS Trojan with affiliate ID 23 rd Annual FIRST Conference PAGE 46 | | June 15, 2011

  47. Typical affiliate website Referrer check Remote server Affiliate ID JAR constructor SMS Trojan with affiliate ID Thousands of websites! 23 rd Annual FIRST Conference PAGE 47 | | June 15, 2011

  48. Ransomware Same situation 23 rd Annual FIRST Conference PAGE 48 | | June 15, 2011

  49. Ransomware Same situation 23 rd Annual FIRST Conference PAGE 49 | | June 15, 2011

  50. Underground economy …and lottery results :)

  51. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 51 | | June 15, 2011

  52. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) SMS 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 52 | | June 15, 2011

  53. Underground economy Revenue sharing The Infected affiliate Affiliate phone/PC owner(s) 1-5% of SMS SMS price 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 53 | | June 15, 2011

  54. Underground economy Revenue sharing 1-5% of SMS price The Infected affiliate Affiliate phone/PC owner(s) 1-5% of SMS 40-67% of SMS price SMS price 31-50% of SMS price Mobile Content operator provider 23 rd Annual FIRST Conference PAGE 54 | | June 15, 2011

  55. $$$ 23 rd Annual FIRST Conference PAGE 55 | | June 15, 2011

  56. $$$ ‘…10 people were arrested…’ ‘…malware which blocks PC…’ 23 rd Annual FIRST Conference PAGE 56 | | June 15, 2011

  57. $$$ ‘…10 people ‘…half a year…’ were arrested…’ ‘…malware ‘…SMS as which blocks ransom…’ PC…’ 23 rd Annual FIRST Conference PAGE 57 | | June 15, 2011

  58. $$$ ‘…10 people ‘…half a year…’ were arrested…’ ‘…1 billion rubles…’ ‘…malware ‘…SMS as which blocks ransom…’ PC…’ 23 rd Annual FIRST Conference PAGE 58 | | June 15, 2011

  59. Calculations 1,000,000,000 rubles ~ $30,000,000 $30,000,000/6 ~ $5,000,000 per month 23 rd Annual FIRST Conference PAGE 59 | | June 15, 2011

  60. ‘Death penalty’ Largest mobile affiliate network was fined: The fine was equal to 25% of the affiliate network weekly income: • 1,590,000 rubles ~ $53,000 • Weekly income ~ $212,000 • Monthly income ~ $850,000 People were losing at least $1,200,000 per month 23 rd Annual FIRST Conference PAGE 60 | | June 15, 2011

  61. Final score $6,200,000 per month 23 rd Annual FIRST Conference PAGE 61 | | June 15, 2011

  62. Threats round the globe

  63. Ransomware 23 rd Annual FIRST Conference PAGE 63 | | June 15, 2011

  64. Ransomware 23 rd Annual FIRST Conference PAGE 64 | | June 15, 2011

  65. Ransomware 23 rd Annual FIRST Conference PAGE 65 | | June 15, 2011

  66. A long time ago… 23 rd Annual FIRST Conference PAGE 66 | | June 15, 2011

  67. Porn SMS senders ‘ Nooit spijt ’ case 23 rd Annual FIRST Conference PAGE 67 | | June 15, 2011

  68. Porn SMS senders ‘ Nooit spijt ’ case 23 rd Annual FIRST Conference PAGE 68 | | June 15, 2011

  69. ‘Dating’ apps If you are from UK 23 rd Annual FIRST Conference PAGE 69 | | June 15, 2011

Recommend

Ecosystem Services: Private Sector Investment and Markets Oceans Economy and Ecosystem Services

Ecosystem Services: Private Sector Investment and Markets Oceans Economy and Ecosystem Services

Conserving Marine Ecosystem Services: Private Sector Investment and Markets Oceans Economy and Ecosystem Services CBD COP-13 Side Event December 5, 2016 State of the Oceans and Marine Biodiversity Many people know about degradation of the

978 views • 20 slides
5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application

Se minar 5 Ecosystem Services in Practice: Market-Based Ecosystem Services - From Theory to Application Speaker Adam Davis Dave Batker Dr. Ben Guillon Ricardo Bayon 2011 ECOSYSTEM SERVICES SEMINAR SERIES Ecosystem Services Seminar

745 views • 35 slides
Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 16,

445 views • 19 slides
Development of advice towards ecosystem based fisheries management - ICES advice and ecosystem

Development of advice towards ecosystem based fisheries management - ICES advice and ecosystem

Development of advice towards ecosystem based fisheries management - ICES advice and ecosystem based fisheries management Towards Ecosystem Based Fisheries Management in the Bal7c Sea 16 - 17 June 2016 Eskild Kirkegaard ACOM Chair Common

386 views • 19 slides
Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September

Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September

1 Coalition Against Unsolicited Commercial Email Basic e-mail forensics John R. Levine & Neil Schwartzman Underground Economy#13 September 2013 2 Where is everything? These Slides : http://www.taugh.com/ue13/ Resources :

942 views • 91 slides
Pace Layers The social economy ecosystem has many layers, all of which change at different

Pace Layers The social economy ecosystem has many layers, all of which change at different

Pace Layers The social economy ecosystem has many layers, all of which change at different rates, the outer layers moving faster than the inner Source: Stewart Brand, The Clock of the Long Now 1 | Confidential & Proprietary 2 |

421 views • 4 slides
MORPHotype EcOSystem design remote definition based on big data morphology and use ecosystem

MORPHotype EcOSystem design remote definition based on big data morphology and use ecosystem

MORPHotype EcOSystem design remote definition based on big data morphology and use ecosystem for creative industries Alessandro Canepa alessandro@i-dealsrl.com +39 338 6426165 https://www.youtube.com/watch?v=9AFWaKUTxn4 Consortium The

216 views • 19 slides
The political economy of water security, ecosystem services and livelihoods in the western

The political economy of water security, ecosystem services and livelihoods in the western

The political economy of water security, ecosystem services and livelihoods in the western Himalayas ESPA 2013 PROJECT, REFERENCE NE/ L001365/ 1 Project team University of Cambridge Bhaskar Vira Centre for Development and Research

264 views • 11 slides
Circular economy interaction with climate policies, ecosystem services, biodiversity, and human

Circular economy interaction with climate policies, ecosystem services, biodiversity, and human

Circular economy interaction with climate policies, ecosystem services, biodiversity, and human health: Insights from GEO-6 and GRO 2019 Presentation to the LCS-RNet 11 TH Annual Meeting Paul Ekins Professor of Resources and Environmental

845 views • 37 slides
Ecosystem Services in the Greater Houston Region Based on Ecosystem Services Primer Deborah

Ecosystem Services in the Greater Houston Region Based on Ecosystem Services Primer Deborah

Ecosystem Services in the Greater Houston Region Based on Ecosystem Services Primer Deborah January-Bevers February/March 2019 Houston is an Ecologically Diverse Region Ecoregions: Big Thicket Piney Woods Trinity Bottomlands

346 views • 31 slides
Circular Economy Project Driving towards circularity International workshop on Circular Economy

Circular Economy Project Driving towards circularity International workshop on Circular Economy

Circular Economy Project Driving towards circularity International workshop on Circular Economy in the Automotive Industry Massimiano Tellini, Global Head - Circular Economy Project 6-7 November 2017, Bratislava 1 Ecosystem Growth Innovative

633 views • 20 slides
Ecosystem based management: why try to herd cats? Mark Dickey-Collas @DickeyCollas Why

Ecosystem based management: why try to herd cats? Mark Dickey-Collas @DickeyCollas Why

Ecosystem based management: why try to herd cats? Mark Dickey-Collas @DickeyCollas Why ecosystem based management? to promote biodiversity conservation, and explore consequences of trade-offs in the management of marine ecosystems Marshak

692 views • 39 slides
ecosystem services in a Swaziland savanna ecosystem EMILY RUNNION Insect Pollination What is

ecosystem services in a Swaziland savanna ecosystem EMILY RUNNION Insect Pollination What is

The effects of landscape heterogeneity on pollination ecosystem services in a Swaziland savanna ecosystem EMILY RUNNION Insect Pollination What is insect pollination? Global Impacts Food Economy Mountain Aloe (Aloe marlothii

1.77k views • 7 slides
Possible Analytical Approach for Developing Ecosystem based Adaptation Master plan Dave

Possible Analytical Approach for Developing Ecosystem based Adaptation Master plan Dave

Possible Analytical Approach for Developing Ecosystem based Adaptation Master plan Dave Loubser PEBACC Country Manager Vanuatu Ecosystem and Socio economic Resilience Analysis and Mapping 2 Habitat Stability to Climate Change

764 views • 14 slides
The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

The four-story, underground Capitol Extension in Austin, Texas for Capitol Building.

July 26 th , 2017 To: Landmarks Preservation Board From: Ron Taylor/Structural Engineer Re. Answers to the questions: Going underground is not practical or feasible The construction challenges of going underground are not unusual. Many museums

533 views • 6 slides
Ju July ly Ecosystem em Enrich ichmen ent: t: Reso esources ces for a a Rec ecover

Ju July ly Ecosystem em Enrich ichmen ent: t: Reso esources ces for a a Rec ecover

Ju July ly Ecosystem em Enrich ichmen ent: t: Reso esources ces for a a Rec ecover erin ing g Ec Economy The session is being recorded, the PowerPoint will be sent out after the session. Info from past Ecosystem Enrichments

483 views • 47 slides
Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground

Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground

Bernard Sadoulet Dept. of Physics /LBNL UC Berkeley UC Institute for Nuclear and Particle Astrophysics and Cosmology (INPAC) Underground Laboratories A rapid expansion of the numbers // explosion of interest in underground science Motivations

586 views • 43 slides
Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground

Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground

Kimballton Underground Research Facility www.phys.vt.edu/~kimballton US Deep Underground Laboratories Homestake Soudan (SURF) Kimballton WIPP Key KURF Features 1450 mwe shielding drive in access ample space hour from major

570 views • 25 slides
CIRCULAR ECONOMY c Closing the Loop for apparel & footwear Circular Economy - Marina

CIRCULAR ECONOMY c Closing the Loop for apparel & footwear Circular Economy - Marina

CIRCULAR ECONOMY c Closing the Loop for apparel & footwear Circular Economy - Marina Chahboune 14.10.2017 1 Definition What is Circular Economy?? The current so called linear economy (throwaway economy) is based on depleting

1.17k views • 44 slides
underground Planning and subterranean development Jonathan Bore Going underground...

underground Planning and subterranean development Jonathan Bore Going underground...

Going underground Planning and subterranean development Jonathan Bore Going underground... Background Why here? Why now? Pros and cons Number of applications Permitted development Impact during construction

282 views • 17 slides
Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE

Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE

Underground Poetry and Poems on the Underground Robert Crawshaw Lancaster University CLE conference 16-18 April 2015 Amy Mcallister Priority https://www.youtube.com/wa tch?v=dkNZmDzqoeQ

340 views • 7 slides
ECOSYSTEM PRODUCTS FUTURE THE ECOSYSTEM TIZEN 2.1 ADDITIONAL HTML5 APIs RICH HOME

ECOSYSTEM PRODUCTS FUTURE THE ECOSYSTEM TIZEN 2.1 ADDITIONAL HTML5 APIs RICH HOME

ECOSYSTEM PRODUCTS FUTURE THE ECOSYSTEM TIZEN 2.1 ADDITIONAL HTML5 APIs RICH HOME SCREEN EXPERIENCE PERFORMANCE OPTIMIZATION MOBILE Tizen 2 New Major Features [Web] WebKit2 based web framework [Web] State-of-the-art

573 views • 35 slides
NAVIGATING MANGROVE RESILIENCE THROUGH THE ECOSYSTEM BASED ADAPTATION APPROACH: LESSONS FROM

NAVIGATING MANGROVE RESILIENCE THROUGH THE ECOSYSTEM BASED ADAPTATION APPROACH: LESSONS FROM

NAVIGATING MANGROVE RESILIENCE THROUGH THE ECOSYSTEM BASED ADAPTATION APPROACH: LESSONS FROM BANGLADESH Paramesh Nandy And Ronju Ahammad Community Based Adaptation to Climate Change through Coastal Afforestation (CBACC-CF) Project in

362 views • 17 slides
UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES

UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES

UNDERGROUND ECONOMIES GRAD SEC OCT 17 2017 TODAYS PAPERS UNDERGROUND ECONOMIES Economics drives both the attacks and the defenses What is for sale? Who sells it? How? Defenders: Antivirus vendors, firewall vendors, etc.

781 views • 42 slides

More recommend