Upload
liv
View
41
Download
0
Embed Size (px)
DESCRIPTION
n. WYSI WYG. Peter Stan cik Security Evangelist. What you see is not what you get. What you see is not what you get. Infection vectors. Drive-by download. Social engineering. Blackhat SEO. SPAM. Social networks. Blackhat SEO. Social networks. What do I get ( instead )?. - PowerPoint PPT Presentation
Citation preview
WYSI WYG
Peter Stancik Security Evangelist
n
What you see is not what you get
What you see is not what you get
Infection vectors
Blackhat SEO
Social engineering
Drive-by download
SPAM
Social networks
Blackhat SEO
Social networks
What do I get (instead)?
Banking Trojans
Something “special” from the grey zone…
Scareware …Rogue AVs, Registry Cleaners
…with mobile components
…etc…
Banking Trojans
• Man-in-the-Browser• Man-in-the-Mobile
Scenario:1. Steal credentials using MitB2. Infect victim’s mobile phone – MitMo3. Log in using stolen credentials; perform transaction4. Mobile malware forwards authentication SMS to attacker5. Fill in authentication code and complete transaction
Zeus and now SpyEye: detected as SymbOS/Spitmo
*pictures from http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-ii.html
Banking Trojans
Rogue AV
DNS Changer
CA Breaches
Thank you!
[email protected] blog.eset.com