wysi wyg
DESCRIPTION
n. WYSI WYG. Peter Stan cik Security Evangelist. What you see is not what you get. What you see is not what you get. Infection vectors. Drive-by download. Social engineering. Blackhat SEO. SPAM. Social networks. Blackhat SEO. Social networks. What do I get ( instead )?. - PowerPoint PPT PresentationTRANSCRIPT
WYSI WYG
Peter Stancik Security Evangelist
n
What you see is not what you get
What you see is not what you get
Infection vectors
Blackhat SEO
Social engineering
Drive-by download
SPAM
Social networks
Blackhat SEO
Social networks
What do I get (instead)?
Banking Trojans
Something “special” from the grey zone…
Scareware …Rogue AVs, Registry Cleaners
…with mobile components
…etc…
Banking Trojans
• Man-in-the-Browser• Man-in-the-Mobile
Scenario:1. Steal credentials using MitB2. Infect victim’s mobile phone – MitMo3. Log in using stolen credentials; perform transaction4. Mobile malware forwards authentication SMS to attacker5. Fill in authentication code and complete transaction
Zeus and now SpyEye: detected as SymbOS/Spitmo
*pictures from http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-ii.html
Banking Trojans
Rogue AV
DNS Changer
CA Breaches
Thank you!
[email protected] blog.eset.com