
Andreas Baumhof


Learning from the bad guys is learning from the best
A practical overview on how the bad guys adopt and circumvent any security initiatives and what we can do about it

Zeus and Mebroot account for a large percentage of the cybercrime committed around the world. This presentation will discuss how they continue to be the most sophisticated Trojans, attacking any security countermeasures put in place by financial institutions, ecommerce providers, … We look at how these Trojans constantly evolve and extend their reach to a much wider audience. We also look at the new JavaScript engine (dubbed Leprechaun) that enables the bad guys to harvest challenge responses, one-time passwords or any other dynamic authentication method in a very interactive and professional way. In a nutshell, it allows bypass of nearly all authentication mechanisms in place (e.g. SMS tokens, secret questions and even very elaborate challenge mechanisms used by some banks).

Furthermore, we discuss what Mebroot is doing with its Sizzler CSS engine, where we can find scary functions such as “CreateTransactions” that take all transaction details (including transaction one-time passwords) as parameters to automatically execute a wire transfer, and how the bad guys get around any device fingerprinting that some service providers use.

Lastly, we discuss some of the things we can do to improve the situation and get back on top of these threats.