Upload
lia-fielden
View
216
Download
2
Tags:
Embed Size (px)
Citation preview
WYSI WYG
Peter Stancik Security Evangelist
n
What you see is not what you get
What you see is not what you get
Infection vectors
Blackhat SEO
Social engineering
Drive-by download
SPAM
Social networks
Blackhat SEO
Social networks
What do I get (instead)?
Banking Trojans
Something “special” from the grey zone…
Scareware …Rogue AVs, Registry Cleaners
…with mobile components
…etc…
Banking Trojans
• Man-in-the-Browser• Man-in-the-Mobile
Scenario:1. Steal credentials using MitB2. Infect victim’s mobile phone – MitMo3. Log in using stolen credentials; perform transaction4. Mobile malware forwards authentication SMS to attacker5. Fill in authentication code and complete transaction
Zeus and now SpyEye: detected as SymbOS/Spitmo
*pictures from http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-ii.html
Banking Trojans
Rogue AV
DNS Changer
CA Breaches
Thank you!
[email protected] blog.eset.com