Grrcon 2012 – Aditya Sood And Dr. Richard Enbody – The Realm Of 3rd Generation Botnet Attacks

Synopsis: Third Generation Botnets (TGBs) have circumvented the normal stature of the World Wide Web. These botnets harness the HTTP communication model to carry out their stealthy operations. To automate exploit distribution and infect users on a large scale, TGBs collaborate with Browser Exploit Packs (BEPs). TGBs such as Zeus, SpyEye, and the present-day botnet ICEX explicitly use BEPs such as BlackHole and Phoenix for insidious infections, and several cases of large-scale infection have been seen in the recent past. Additionally, TGBs are designed with sophisticated attack techniques such as form grabbing, Ruskill, Web Injects (WI), Web Fakes (WF), DNS tampering, and other custom plug-ins to steal information; these techniques are heavily relied upon in the Man in the Browser (MitB) paradigm. The infection strategies include programs such as spreaders that infect other software to conduct drive-by-download and drive-by-cache attacks. This talk delves deep into the design of present-day malware and into advancements in attack techniques and infection strategies. It is an outcome of real-time case studies, and several demos will be shown to back up the arguments.

