Botconf 2017 has ended


Economics of botnet related cybercrime
Wednesday, December 6
 

11:10 CET

Get Rich or Die Trying
In a World where oil is scarce and people click mail attachments they really shouldn’t, One Man sets out on an epic journey for glory, conquest, and other people’s money. So begins the amazing tale of the “Oil bot” campaign: a tale of a single man who ran a sting operation on a good share of the industrial sector, armed with nothing but his supply of off-the-shelf RATs, his very subpar OPSEC standards, and his Nigerian hutzpah. The talk will follow the entire course of Check Point’s investigation into this affair – from the few emails that didn’t add up, through the campaign’s not-so-intricate C&C infrastructure, to the point where we were inside the campaign, looking at all the incredulous details. How do you scam people into scamming other people? What leads a fraudster to leave a trail of incriminating footprints?

And what does a Nigerian scammer want with an energy company, anyway? One thing’s for sure: In this brave new world, the Nigerian prince is no longer happily calling to inform you that you should transfer your money to them; it is you who is angrily calling your bulk provider, asking where all your money went.

Speakers

Or Eshed

Lead Threat Intelligence Analyst, Check Point
Or Eshed - Lead threat intelligence analyst in Check Point’s threat intelligence group. Has 10 years of experience in intelligence and investigations. Expertise in data analysis and pattern recognition.

Mark Lechtik

Malware Research Team Leader, Check Point
Mark is the malware research team leader at Check Point, and has been working there in several research positions for the past 4 years. He was born in Russia, but has lived most of his life in Israel, where he graduated from Ben-Gurion University with a B.Sc. in communication system engineering...


Wednesday December 6, 2017 11:10 - 11:40 CET
Corum
 
Friday, December 8
 

10:10 CET

PWS, Common, Ugly but Effective
PassWord Stealers (PWS) have been around for more than a decade now. They are legion. Some, like Pony, aka FareIT, are well known. But nobody really takes the time to explain what is around, what it is capable of and how this little industry works.

However, they are still a common threat, actively used according to our incident logs.
A PWS is not a RAT; we made this distinction. The aim of a PWS is to be launched, steal a lot of credentials and optionally keylog and/or drop another payload.

Sadly, nobody cares about them anymore when they trigger an antivirus inside a company.
To illustrate this, my presentation will go through a couple of PWS that I have met, and I will give an overview of the history and capabilities of the threat, and give tricks and tools/scripts needed to identify and decipher them. A couple of these decoding/identification tools are freely available to the community and not written by me; this task may be achieved by a lot of security people without any skills in reverse engineering.

Finally, I will try to summarize these threats by giving the participants a clear view of what is available in the field.

Speakers

Paul Jung

Senior security consultant, Excellium Services
Paul Jung has long been a security enthusiast. He has worked in the security field in Luxembourg for more than a decade. During this time, Paul has covered operations as well as consulting within various industries. He possesses a wide range of skills and experiences that enable...


Friday December 8, 2017 10:10 - 10:40 CET
Corum