fighting malware - raid symposium · jeanson james ancheta plead guilty to four felony charges of...
Fighting Malware
Luis Corrons
PandaLabs Technical Director
Who is behind this?
Yesterday’s Bad Guys
• Blaster.B: Jeffrey Lee Parson
• Netsky / Sasser: Sven Jaschan
• CIH: Chen Ing-Hau
• 29-A: Benny
Today’s Bad Guys
Jeremy Jaynes, Andrew Schwarmkoff, James Ancheta
Phishing, Spam, Spam
Jeanson James Ancheta
Pleaded guilty to four felony charges of violating United States Code Section 1030, Fraud and Related Activity in Connection with Computers
Penalty: 57 months in prison
Adam Botbyl
The government claimed that the crime could have caused more than $2.5 million in damages.
Penalty: 26 months in prison
Cameron Lacroix
Pleaded guilty to hacking into the cell-phone account of celebrity Paris Hilton and to participating in an attack on data-collection firm LexisNexis Group that exposed personal records of more than 300,000 consumers.
Penalty: 11 months in a Massachusetts juvenile detention facility
Ehud Tenenbaum
Admitted to cracking US and Israeli computers, and pleaded guilty to conspiracy, wrongful infiltration of computerized material, disruption of computer use and destroying evidence.
Penalty: Six months of community service (in 2001)
August 2009: Pleaded guilty to a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme that federal officials say scored $10 million from U.S. banks.
A Real Case
The “Infected Team”
• MPack
• Dream Downloader
• Limbo
Total Investment: $1,500
The “Infected Team”
Let’s do some maths…
• China, Korea, Japan: $0.01 * 70,300 = $703
• Finland, Norway…: $0.05 * 70,300 = $3,515
• UK, France…: $0.20 * 70,300 = $14,060
• USA, Canada: $0.40 * 70,300 = $28,120
And the same numbers in 30 days…
• China, Korea, Japan: $0.01 * 70,300 * 30 = $21,090
• Finland, Norway…: $0.05 * 70,300 * 30 = $105,450
• UK, France…: $0.20 * 70,300 * 30 = $421,800
• USA, Canada: $0.40 * 70,300 * 30 = $843,600
The “Infected Team”
Who’s paying the “Infected Team”?
Computers worldwide: 1 billion (Forrester)
Rogueware-infected computers: 3.50%
35,000,000 infected computers / monthly
35 million computers ≠ 35 million users
Let’s take just half: 17.5 million people
Phishing victims (Gartner): 3.30%
557,500 rogueware buyers / monthly
Rogueware Average Price $59.95
$59.95 * 557,000 = $34,621,125 PER MONTH
$415,453,500 PER YEAR
$81,388 USD in 6 days!
Malware figures
SEO attack against Ford Motor Company
• 1,000,000 malicious links indexed by Google
• 3,000,000 legitimate search terms hijacked
• Targeted users looking for instructions (e.g. how to loosen a tension belt)
• Served 100 new MSAntiSpyware2009 binaries in 24 hours
Comments on Digg.com leading to Rogueware
• 500,000+ comments leading to Rogueware
• Comments targeted news submission title and content
Twitter trending topics lead to Rogueware
• Messages (tweets) targeting trending topics on Twitter.com
• 27,000 tweets per 24 hours
• 60 unique samples detected over a 72-hour period
Rogueware exploits WordPress vulnerability to facilitate Blackhat SEO attack
• Affected Ned.org and TheWorkBuzz.com
• Targeted a security vulnerability in an old version of WordPress
• Redirected all links to point to Rogueware servers
Conclusion