Presentation on theme: "Greetings from Finland F-Secure Corp We used to be fighting these... Chen-Ing Hau Author of the CIH virus Joseph McElroy Hacked the Fermi lab network."— Presentation transcript:
Greetings from Finland
We used to be fighting these...
- Chen-Ing Hau: Author of the CIH virus
- Joseph McElroy: Hacked the Fermi lab network
- Benny: Ex-29A
Today we are fighting these!
- Jeremy Jaynes: Millionaire, and a spammer
- Jay Echouafni: CEO, and a DDoS attacker
- Andrew Schwarmkoff: Member of Russian mob, and a phisher
Case Sobig / 2003
Series of worms released roughly a month apart
____________________________________________
Variant    Found          Expires
____________________________________________
Sobig.A    January 9th    Never
Sobig.B    May 18th       May 31st
Sobig.C    May 31st       June 8th
Sobig.D    June 18th      July 2nd
Sobig.E    June 25th      July 14th
Sobig.F    August 19th    Sept 10th
____________________________________________
Case Sobig
- All variants were connected to spamming
- All downloaded and installed a proxy
- Some of the variants were very successful
- One variant was the biggest outbreak ever
Direct spam
[Diagram labels: Cheap Viagra, loans and Rolexes Inc. (Spammer); recipients Ed, Bob, Lisa, Jack, Mary, each marked "?#%$!?"]
Spam through Proxy
[Diagram labels: Cheap Viagra, loans and Rolexes Inc. (Spammer); Peter (Proxy); recipients Ed, Bob, Lisa, Jack, Mary, each marked "?#%$!?"]
Risk & Reward
- A few weeks after the Sobig.F outbreak, Microsoft started the bounty program
- $250,000 offered for information leading to the arrest of the author
- Sobig Manhunt started
- With no results
- And nothing happened...
Then, in October
- Somebody sent us a report
- Which was made by an anonymous party
- Called "WhoWroteSobig.pdf"
About WhoWroteSobig.pdf
- Written by anonymous source
- Verifiable by a PGP signature
- Uses technical analysis to prove the author of the worm
- 48 pages
Main arguments
- Claims that Sobig was written by a Mr. Ruslan Ibragimov / Send-Safe team from Russia
- Send-Safe uses proxies, created by Sobig
- Release times of Sobig match release times of Send-Safe
- The code of Send-Safe and Sobig is similar
Comparing Sobig and Send-Safe visually
[Figure panels: Coreflood, Sobig.E, Sobig.F, Send-Safe v2.19]
Case Cabir
- First real mobile phone virus
- Found in June 2004
- Proof-of-concept
- By 29A
- Spreads via Bluetooth
- Kinda like the flu
Cabir is spreading in the wild.
- Cabir was found in June
- It was thought not to be in the wild
- In August, we got unconfirmed reports from the Philippines
- Last month, we got the first confirmed reports from Singapore
- New reports also from: UAE, China, India, Finland!
Case Skulls
- New trojan for Symbian
- Found last week
- Kills your apps
- Very hard to get rid of
Nokia 6670 and 7710
- First phones in history to contain antivirus by default
F-Secure Awards
[Award images, labelled: United Kingdom 10/03; United Kingdom 05/04; Sweden 11/03; Sweden 03/03; United Kingdom 03/04 and 02/04; Finland 02/04; Germany 04/03; Germany 05/04; United Kingdom 01/04; PC Pro; Norway 05/04]