Spy VS Spy
Countering SpyEye with SpyEye
Lance James, Director of Intelligence, Vigilant, LLC
March 21st, 2011
www.thevigilant.com, Copyright 2009, Vigilant LLC
securing and enabling dynamic business

Feb 20, 2016


Lance James: Director of Intelligence, Vigilant, LLC; Founder of Secure Science Corporation
Transcript
Company Overview
securing and enabling dynamic business
Spy VS Spy
Brief Bio:
Author of “Phishing Exposed”
3rd book on its way (counter-intelligence)
Loves Karaoke
DIY Builder Kits
Merging with Zeus
Debug.log (general traffic)
Tasks.log (what it’s doing)
Backup.sh (sql dump and passwords)
Config.ini (settings)
History: specific URI discovered publicly 09/07/2010
Prior attacks from this IP discovered 07/26/2010 (same operator)
ASN 48587 (known for malicious activity)
Location: Ukraine (UA)
Malware Life-cycle: Monday 08/30/10 – Friday, 09/24/10 (25 days)
Unique computers infected: 28,590
Unique binaries distributed: 2,325
Including Frm_grab.php
Same concept as request 1 world readable file
Many requests at once
Explain it to attorney
DOJ conservative to risk
How it works
Header Modification
Bot GUIDS per data compromise
Dates of compromises
We’re gonna need it
Do or Do Not!
There is no try