N
Download
1 / 13

WYSI WYG - PowerPoint PPT Presentation


  • 134 Views
  • Uploaded on

n. WYSI WYG. Peter Stan cik Security Evangelist. What you see is not what you get. What you see is not what you get. Infection vectors. Drive-by download. Social engineering. Blackhat SEO. SPAM. Social networks. Blackhat SEO. Social networks. What do I get ( instead )?.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' WYSI WYG' - liv


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

n

WYSI WYG

Peter Stancik

SecurityEvangelist


What you see is not what you get
What you see is not what you get


What you see is not what you get1
What you see is not what you get


Infection vectors
Infection vectors

Drive-by download

Social engineering

Blackhat SEO

SPAM

Social networks



Social networks
Socialnetworks


What do i get instead
What do I get (instead)?

  • BankingTrojans

…with mobile components

Something “special” from the grey zone…

Scareware

…Rogue AVs, Registry Cleaners

…etc…



Banking trojans1
Banking Trojans

  • Man-in-the-Browser

  • Man-in-the-Mobile

  • Scenario:

    • Steal credentials using MitB

    • Infect victim’s mobile phone – MitMo

    • Log in using stolen credentials; perform transaction

    • Mobile malware forwards authentication SMS to attacker

    • Fill in authentication code and complete transaction

  • Zeus and now SpyEye: detected as SymbOS/Spitmo

  • *pictures from http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-ii.html


Rogue av
Rogue AV


Dns changer
DNS Changer


Ca breaches
CA Breaches


Thank you!

[email protected]

blog.eset.com