Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Facebook PokerAgent Robert Lipovsky

Similar presentations

Presentation on theme: "The Facebook PokerAgent Robert Lipovsky"— Presentation transcript:

1 The Facebook PokerAgent Robert Lipovsky

2 O čom si povieme... OnlineGames trojany Pokec Sniffer Ransomware Android malware Šedá zóna

3 Facebook 1.11 Billion active users (March 2013) Malware use: Distribution vector Motive

4 Win32/Delf.QCZ July 2011 Spread through Facebook & Vkontakte – improved social engineering Removed AV in safe-mode Backdoor, downloader Bitcoin mining, DDoS, malware distribution

5 Like-jacking through Malicious Browser Plug-ins

6 PokerAgent: Introduction Interesting binary: Facebook Zynga Poker PokerAgent MSIL/Agent.NKY Active: Q4/ Q1/2012 Most widespread: Israel

7 PokerAgent: Overview Botnet: bots performed tasks Extensive db of stolen Facebook credentials Zynga Poker Stats Linked Credit Card information FB account phishing Trojan (probably) distributed through Facebook

8 PokerAgent: Details Zynga Poker stats 1:%_FACEBOOK_ID%&signed_request=%_SIGNATURE%&platform=1

9 PokerAgent: Details Credit card info§ion=methods You have X payment methods saved.

10 PokerAgent: Details Phishing Tasks contained phishing URLs

11 PokerAgent: Additional details

12 PokerAgent: Modus Operandi Attackers motives: Harvest Facebook log on credentials Check Facebook accounts for Poker stats and Credit Card info

13 PokerAgent: Investigation Active botnet monitoring 800+ infected bots Facebook access credentials in database Cooperation with: Israeli CERT Israeli law enforcement Facebook

14 Thank you…

Download ppt "The Facebook PokerAgent Robert Lipovsky"

Similar presentations

Ads by Google