FUD
FEAR, UNCERTAINTY AND DOUBT

      Dark Designs Symposium
      Yverdon - October 14 2008
BOT
• derived from the word "robot"
• program that performs repetitive
  functions
• infected computer controlled by
  another computer
BOTNET
• a network of bots
• commonly used to control or
  attack computer systems
• controlled through an IRC
  channel.
• also referred to as “zombies” or
  “drones”
USE OF BOTNETS
• distributing spam
• mounting DDoS attacks
• sniffing network traffic
• key logging
• click fraud (Google AdWords)
IRC
• Internet Relay Chat
• created in 1988
• first bots: 1993
• client / server
HISTORY
• 1999: SETI@home
• screensaver program
• prove the viability and practicality of the 'distributed grid computing' concept
February 2000
• first widely publicized botnet
  incident
• floods CNN.com, Amazon.com,
  eBay...
• 75 computers in 52 different
  networks
SubSeven
Discovered: June 6, 1999

Also known as: Backdoor.SubSeven (Kaspersky Lab), Backdoor.SubSeven22 (Symantec), BackDoor.SubSeven (Doctor Web), Troj/Sub7-1.7 (Sophos), Backdoor:Win32/SubSeven.A (RAV)...
SubSeven

• server / client
• control over IRC
• monitor keystrokes
• remote desktop application
SubSeven

• October 2000
• 800 infected computers found
• SexxxyMovie.mpeg.exe
GTbot
• modified IRC client
• coupled with the hacker's own scripts
• port scanning
• DDoS attacks
DDoS
• Distributed Denial of Service Attack
• attacker causes a network of computers to “flood” a victim computer with large amounts of data or specific commands
Agobot
• most widely circulated virus in
  history
• best-written source code
• C++ base plugin framework
• GPL license
Op.Cyberslam
• October 2003
• Agobot used in DDoS attack
• Botnet: 5000 to 15000 computers
• FBI investigation
October 2005

• Discovery of a botnet counting
  1.5 million compromised computers
January 2007

• The Storm Botnet is identified.
• Estimate: of 600 million computers on the Internet, 150 million belong to a botnet (Vint Cerf).
STORM BOTNET

• 1 million to 50 million computer
  systems
• encrypted P2P control
• more computing power than the
  world’s 500 top supercomputers
Russian Business Network
RBN
• cybercrime organization
• personal identity theft
• bulletproof hosting
• child pornography, phishing, spam,
and malware distribution
• physically based in St. Petersburg
Companies
RBNet, RBNetwork, RBusinessNetwork, iFrame Cash, Aki Mon Telecom, 4Stat, Eexhost, Rusouvenirs Ltd., TcS Network, Nevcon Ltd. (Panama), Too coin Software (UK), 76service, MalwareAlarm...
Malware
Gozi, Grab, Haxdoor, Metaphisher,
Mpack, Ordergun, Pinch, Rustock,
Snatch, Torpig, URsnif...


• viruses or worms
• send data back to RBN servers
October 2007

• Storm Botnet reduces size
• fallen to 160,000 systems
• partitioning / smaller networks
• 40-byte key encryption
November 2007

• RBN vanishes from the web
• unusual bulk registries of thousands of Web addresses in China
• servers move to Shanghai/Taiwan
KRAKEN BOTNET
• largest botnet as of April 08

• over 400’000 bots

• also known as:
  Bobax, Oderoor, Cotmonger