130 likes | 298 Views
n. WYSI WYG. Peter Stan cik Security Evangelist. What you see is not what you get. What you see is not what you get. Infection vectors. Drive-by download. Social engineering. Blackhat SEO. SPAM. Social networks. Blackhat SEO. Social networks. What do I get ( instead )?.
E N D
n WYSI WYG Peter Stancik SecurityEvangelist
Infection vectors Drive-by download Social engineering Blackhat SEO SPAM Social networks
What do I get (instead)? • BankingTrojans …with mobile components Something “special” from the grey zone… Scareware …Rogue AVs, Registry Cleaners …etc…
Banking Trojans • Man-in-the-Browser • Man-in-the-Mobile • Scenario: • Steal credentials using MitB • Infect victim’s mobile phone – MitMo • Log in using stolen credentials; perform transaction • Mobile malware forwards authentication SMS to attacker • Fill in authentication code and complete transaction • Zeus and now SpyEye: detected as SymbOS/Spitmo • *pictures from http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-ii.html
Thank you! stancik@eset.sk blog.eset.com