The Facebook PokerAgent

Presentation on theme: "The Facebook PokerAgent"— Presentation transcript:

1 The Facebook PokerAgent
Robert Lipovsky

2 What we'll talk about... OnlineGames trojans "Pokec Sniffer" Ransomware
Android malware Grey zone My introduction

3 Facebook 1.11 Billion active users (March 2013) Malware use:
Distribution vector Motive

4 Win32/Delf.QCZ July 2011; Spread through Facebook & Vkontakte – improved social engineering; Removed AV in safe-mode; Backdoor, downloader; Bitcoin mining, DDoS, malware distribution

5 Like-jacking through Malicious Browser Plug-ins

6 PokerAgent: Introduction
Interesting binary: Active: Q4/ Q1/2012 Facebook Most widespread: Israel Zynga Poker “PokerAgent” MSIL/Agent.NKY Interesting malware ceased actively spreading the trojan mid-February 2012.

7 PokerAgent: Overview Botnet: bots performed tasks
Extensive db of stolen Facebook credentials Zynga Poker Stats Linked Credit Card information FB account phishing Trojan (probably) distributed through Facebook

8 PokerAgent: Details Zynga Poker stats
Throughout the different versions of the bot, we’ve observed different parameters being used

9 PokerAgent: Details Credit card info You have <strong>X</strong> payment methods saved.

10 PokerAgent: Details Phishing Tasks contained phishing URLs
Point out DES encryption

11 PokerAgent: Additional details

12 PokerAgent: Modus Operandi
Attacker’s motives: Harvest Facebook log on credentials; Check Facebook accounts for Poker stats and Credit Card info

13 PokerAgent: Investigation
Active botnet monitoring; 800+ infected bots; Facebook access credentials in database; Cooperation with: Israeli CERT, Israeli law enforcement, Facebook

14 Thank you…
Mitigations: Easily spottable phishing attempts; 2 factor authentication; ESET’s solution: Social Media Scanner
