nullcon 2011 - No bullshit on underground crime: traces, trends, attribution, techniques and more

NO BULLSHIT Underground crime: traces, trends, attribution, and more ,[object Object],http://null.co.in/ http://nullcon.net/

Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Still .. meet the “authors”.. :) http://null.co.in/ http://nullcon.net/ Started as hobby project We talked about this At c0c0n Here you’ll see Some fresh stuff Why? ... Something we do When we need a Good laugh :)

Чтобы заработь на Интернете не нужно ничего и даже мозгов ничего и даже мозгов ,[object Object],My favorite quote:

But it is not only about money

Attack attribution http://null.co.in/ http://nullcon.net/

General: $$ vs. APT ,[object Object],[object Object],http://null.co.in/ http://nullcon.net/

A word on attribution ,[object Object],http://null.co.in/ http://nullcon.net/

Points to note ,[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Brief: Data sources and Tools (covered in workshop) http://null.co.in/ http://nullcon.net/

Data analysis and sources ,[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Intelligence Gathering ,[object Object],http://null.co.in/ http://nullcon.net/

Automation: difficulties difficulties ,[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Ex.: What does this say? http://null.co.in/ http://nullcon.net/

Good luck w/ automated translation ,[object Object],http://null.co.in/ http://nullcon.net/

Slang sources ,[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/ Team Cymru has a nice research on russian slang. Not repeated here

Tools of trade ,[object Object],http://null.co.in/ http://nullcon.net/

So, russian underground - mafia or geeks? :) http://null.co.in/ http://nullcon.net/

From russia with ... ,[object Object],http://null.co.in/ http://nullcon.net/

-malware - http://null.co.in/ http://nullcon.net/ Stuff that lives in your PC Against your will :)

Typical export sample: ,[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Looks familiar? http://null.co.in/ http://nullcon.net/

Моscow arest (31/08/2010) http://null.co.in/ http://nullcon.net/ Annual income: over 500,000 rubles (100,000USD) One unlock charged at 300 rubles (10USD) Via SMS

Scale: big http://null.co.in/ http://nullcon.net/

“export” through legitimate sites http://null.co.in/ http://nullcon.net/

Which end up in Google blacklist Google blacklist http://null.co.in/ http://nullcon.net/

Why such spike? ,[object Object],[object Object],http://null.co.in/ http://nullcon.net/

But there’s much more.. http://null.co.in/ http://nullcon.net/ malware OTHER COOL STUFF :-)

That’s not a russian hax0r http://null.co.in/ http://nullcon.net/

This is closer.. http://null.co.in/ http://nullcon.net/

Insight on underground market ,[object Object],http://null.co.in/ http://nullcon.net/

We don’t sell or advertize any service ,[object Object],http://null.co.in/ http://nullcon.net/ Disclaimer:

“We are after the money!” ;-) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

“Ликбез” ,[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Online currencies ,[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

More payment systems http://null.co.in/ http://nullcon.net/

Exchange points http://null.co.in/ http://nullcon.net/

Trading rules http://null.co.in/ http://nullcon.net/ Guarantee service

Service verification http://null.co.in/ http://nullcon.net/

blacklists http://null.co.in/ http://nullcon.net/

White lists http://null.co.in/ http://nullcon.net/

Credit cards http://null.co.in/ http://nullcon.net/ Very accessible

CC deals made easy http://null.co.in/ http://nullcon.net/

Cards, burners http://null.co.in/ http://nullcon.net/

And more http://null.co.in/ http://nullcon.net/

Bad $$ => good $$ :P http://null.co.in/ http://nullcon.net/

Other Online goods Online goods http://null.co.in/ http://nullcon.net/

Professional mass infection infection http://null.co.in/ http://nullcon.net/ <--Pricing (per 1000 installs) <--Pricing (per 1000 installs)

ICQ - elite nums :p http://null.co.in/ http://nullcon.net/

Mail cracking -:) http://null.co.in/ http://nullcon.net/ ~65USD Price in rubles

Passport scans http://null.co.in/ http://nullcon.net/ 4-5USD/scan avg .eu, .ru, .us, asian One-hand sales Also offered - scan “redraw” Special prices for bulk

Full package is also available http://null.co.in/ http://nullcon.net/

“Business package” Pa Includes.. Includes.. http://null.co.in/ http://nullcon.net/ Под средства любой загрязненности! For money of any state of dirtiness В комплект входит: Pack includes 1.Банковский акк(online доступ) Online bank account access 2.АТМ картa(Дневной лимит на снятие средств 1000$/6000$ В МЕСЯЦ-Возможно увеличение лимита +30$-) ATM card (1000/6000USD per month withdrawal limit) 3.Карта кодов (для online доступа) online access passwords 4 .Копия паспорта дропа Passport copy of “poor john” 5.Sim-ka SIM card Also can be pre-ordered on custom passport scan (25USD)

Drop: http://null.co.in/ http://nullcon.net/ Another way to turn dirty cash into profit

Saw the news? :) http://null.co.in/ http://nullcon.net/

Zeus witchunt :) http://null.co.in/ http://nullcon.net/ Not sure if this would change things :)

New bots - custom made http://null.co.in/ http://nullcon.net/ http://www.nomina.ru/search/alternatives_by_value.php?paid_till=2010-09-06&domain=rundll32.ru

Or pre-built http://null.co.in/ http://nullcon.net/ Why “zeus” when you can buy this?! :p

Comes with handy Admin panel Admin panel http://null.co.in/ http://nullcon.net/

Traf + loader = $$$$ http://null.co.in/ http://nullcon.net/

Costs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/ Per 1000 Unique visitors

Mass domain theft theft http://null.co.in/ http://nullcon.net/

DDOS Very affordable Very affordable http://null.co.in/ http://nullcon.net/ We remove sites of your concurrents with DDOS attack. Fast and effective. Supported: Prices (in WMZ ~= USD) Discounts for bulk

Abuse resistant hosting http://null.co.in/ http://nullcon.net/

Malware A/V QA http://null.co.in/ http://nullcon.net/

Hash cracking In cloud In cloud http://null.co.in/ http://nullcon.net/

Captcha In cloud In cloud http://null.co.in/ http://nullcon.net/

Exploit packs http://null.co.in/ http://nullcon.net/

With nice stats http://null.co.in/ http://nullcon.net/

Stats per country http://null.co.in/ http://nullcon.net/ Clicks, loads (pwned ;), percentage)

Need to build Botnet? http://null.co.in/ http://nullcon.net/

Welcome TDS system TDS system http://null.co.in/ http://nullcon.net/

Seller http://null.co.in/ http://nullcon.net/

Buyer http://null.co.in/ http://nullcon.net/

Owner http://null.co.in/ http://nullcon.net/

“Game” rules :) http://null.co.in/ http://nullcon.net/ Iframe traff. 4USD/1000 clicks No bot traf (ruclicks) Payday - every monday

Making money together http://null.co.in/ http://nullcon.net/ Fake AV affiliation program

Fake AV payouts http://null.co.in/ http://nullcon.net/ Balance Login

Crimeware: trends And research And research http://null.co.in/ http://nullcon.net/

Moving mobile ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Brief on antiy rep http://null.co.in/ http://nullcon.net/

Spreading vector http://null.co.in/ http://nullcon.net/

Mobile Malware http://null.co.in/ http://nullcon.net/

A case study ,[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Taking a glance http://null.co.in/ http://nullcon.net/

The trick! http://null.co.in/ http://nullcon.net/ Press the button “stop” as soon as possible!

SEO spam http://null.co.in/ http://nullcon.net/ <*bad* word (rus)

Now - delivered professionally :) http://null.co.in/ http://nullcon.net/

malwertising http://null.co.in/ http://nullcon.net/

Malware infection Hidden behind login screens Hidden behind login screens ,[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Anti-DDOS el russo http://null.co.in/ http://nullcon.net/

Research ,[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Hunt the hunter ,[object Object],[object Object],[object Object],[object Object],[object Object]

Botnet cost estimation :) http://null.co.in/ http://nullcon.net/

DIY botnet ;) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

How much it costs ,[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

So what’s up with russian authorities?! ：） http://null.co.in/ http://nullcon.net/

No words ;-) http://null.co.in/ http://nullcon.net/

What’s next? http://null.co.in/ http://nullcon.net/

Get some edukation :-) http://null.co.in/ http://nullcon.net/

finale ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],http://null.co.in/ http://nullcon.net/

Thanks! Throw your questions! ,[object Object],http://null.co.in/ http://nullcon.net/

nullcon 2011 - No bullshit on underground crime: traces, trends, attribution, techniques and more

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a nullcon 2011 - No bullshit on underground crime: traces, trends, attribution, techniques and more

Semelhante a nullcon 2011 - No bullshit on underground crime: traces, trends, attribution, techniques and more (20)

Mais de n|u - The Open Security Community

Mais de n|u - The Open Security Community (20)

Último

Último (20)

nullcon 2011 - No bullshit on underground crime: traces, trends, attribution, techniques and more