1 / 13

WYSI WYG

n. WYSI WYG. Peter Stan cik Security Evangelist. What you see is not what you get. What you see is not what you get. Infection vectors. Drive-by download. Social engineering. Blackhat SEO. SPAM. Social networks. Blackhat SEO. Social networks. What do I get ( instead )?.

liv
Télécharger la présentation

WYSI WYG

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. n WYSI WYG Peter Stancik SecurityEvangelist

  2. What you see is not what you get

  3. What you see is not what you get

  4. Infection vectors Drive-by download Social engineering Blackhat SEO SPAM Social networks

  5. Blackhat SEO

  6. Socialnetworks

  7. What do I get (instead)? • BankingTrojans …with mobile components Something “special” from the grey zone… Scareware …Rogue AVs, Registry Cleaners …etc…

  8. Banking Trojans

  9. Banking Trojans • Man-in-the-Browser • Man-in-the-Mobile • Scenario: • Steal credentials using MitB • Infect victim’s mobile phone – MitMo • Log in using stolen credentials; perform transaction • Mobile malware forwards authentication SMS to attacker • Fill in authentication code and complete transaction • Zeus and now SpyEye: detected as SymbOS/Spitmo • *pictures from http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-ii.html

  10. Rogue AV

  11. DNS Changer

  12. CA Breaches

  13. Thank you! stancik@eset.sk blog.eset.com

More Related