Online Game Trojan SecurityLabs.websense.com Hermes Li.


Contents
1. Why game trojans are so popular
2. The underground market operation
3. Analysis of an online game trojan
4. How to protect against trojans
Download link (deepsec)

Internet Status in China
- Total internet users in China: 485 million, 36.2% of the total population
- Internet users who encountered a trojan: 217 million, 44.7% of total internet users in China
- Affected users: 121 million, 24.9% of total internet users in China once lost their account to a trojan attack
Data from CNNIC, up to June 2011

Online Game Players in China
- Online gaming market: more than RMB 34.9 billion (EUR 4 billion)
- Total number of game players: 311 million; active players: more than 120 million
- Personal spending on online games: representative cost on average RMB 99 per player per month

Normal Online Game Market (diagram: inside the game / outside the game)

Virtual Goods Selling Ads (screenshots of ads, in Chinese)

The Underground Market Operation (diagram: Game Player, Account Retailer, Trojan Buyer, Trojan Writer)
Major target: Massively Multiplayer Online Role Playing Games like World of Warcraft
- 1 trojan = 100 RMB
- 1000 accounts = 500 RMB
- 1 top-level sword > 10,000 RMB

Where Are Game Trojans From
- Personal servers
- Cracked software
- Social networks
- Malicious websites
- Cheating programs

How the Trojan Is Installed (diagram labels: bad guy, compromised site, black SEO, social networks, IM chats, crafted website, victim client, trojan downloader, trojan, account data, victim DB)

Analysis of a Game Trojan Framework
- How to generate a trojan
- The work process of the trojan
- Source code of the module components

Detection Rate Example

Generate Trojan (diagram): components Stolor.dll, IMEHost.dll, DllHost.dll and AddNewSection.exe; Generator.exe, to pack with upack; output: packed trojan file

Work Process (diagram)
- Run: Trojan.exe
- Injected system files under C:\windows\System32: comres.dll, ddraw.dll, dsound.dll
- Other files: dbr01021.ocx, dbr99005.ocx, winnt.com, stolor.dll, IMEhost.dll, dllhost.dll
- Fake font config file: C:\windows32\fonts\dbr01021.ttf

3 Modules to Monitor the Game
- Infect: infects system DLLs (dsound.dll, ddraw.dll, d3dx.dll, comres.dll) under the System folder by adding a new section
- IME: releases a fake font file as the config file; registers a fake Input Method and sets it as the default
- Hook: calls the API CreateRemoteThread or SetWindowsHookEx; hooks the game exe's process and appends a trojan DLL thread

Module Component (Hook) SetWindowsHookEx (DllHost.cpp)

Module Component (Hook) CreateRemoteThread (Funcs.cpp)

Module Component (IME) Append fake IME to system and set as default (IMEHost.cpp)

Module Component (IME) Export Function (IMEHost.cpp IMEHost.def)

Module Component (Infect) Kill game process and Infect system dll file (StoreMain.cpp)

Module Component (Infect) Infect and encrypt new added session (Infect.cpp, Pecrypt.cpp)
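Added example, not code from the slides or from the analysed trojan: a defender-side check for the Infect module's pattern (a section appended to a system DLL such as dsound.dll or comres.dll, with the entry point moved into it). It parses PE section headers directly; the two sample images are constructed headers, not real DLLs, and the section name "abcd" is a placeholder.

```python
import struct

# Section characteristic bits from the PE/COFF spec
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE = 0x00000020, 0x20000000
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x40000000, 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes

def parse_sections(data):
    """Return (AddressOfEntryPoint, [(name, rva, virtual_size, characteristics)]) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec, opt_size = struct.unpack_from("<H", data, coff + 2)[0], struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        fields = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        name, vsize, rva, chars = fields[0], fields[1], fields[2], fields[9]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rva, vsize, chars))
    return entry_rva, sections

def suspicious_appended_section(data):
    """Flag the slide's pattern: entry point inside a trailing non-.text section that is executable. Returns a reason or None."""
    entry_rva, sections = parse_sections(data)
    if not sections:
        return None
    name, rva, vsize, chars = sections[-1]
    if name != ".text" and chars & IMAGE_SCN_MEM_EXECUTE and rva <= entry_rva < rva + vsize:
        rwx = " (writable+executable)" if chars & IMAGE_SCN_MEM_WRITE else ""
        return f"entry point 0x{entry_rva:x} lies in last section '{name}'{rwx}"
    return None

def build_image(sections, entry_rva):
    """Construct a minimal PE32 header for testing (constructed data, not a real DLL)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    hdrs = b"".join(struct.pack(SECTION_FMT, n.encode().ljust(8, b"\0"), vs, rva, 0, 0, 0, 0, 0, 0, ch)
                    for n, rva, vs, ch in sections)
    return dos + b"PE\0\0" + coff + opt + hdrs

# Constructed samples: a normal two-section layout, and the same file with an appended RWX section owning the entry point
BASE = [(".text", 0x1000, 0x2000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (".data", 0x3000, 0x1000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)]
CLEAN = build_image(BASE, 0x1200)
INFECTED = build_image(BASE + [("abcd", 0x4000, 0x800, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)], 0x4010)
```

Running `suspicious_appended_section` over the bytes of the system DLLs named on the slides gives a quick triage signal; a hit still needs confirmation against a known-good copy, since some legitimate packers also use a trailing executable section.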

Special Functions: AntiAV (AntiAV.cpp), AdjustPrivileges (Func.cpp)

Special Functions Grid Authentication Crack (KickProc.cpp)

Grid Authentication Crack (grid card screenshots)

Special Functions Grid Authentication Crack (CapPic.cpp)

More About All Trojans
- Types of trojans
- Advanced hiding technology
- Anti-detection technology
- Prediction solution

Types of Trojans
- APT Trojan: acts in Advanced Persistent Threats
- Bank Trojan: steals bank accounts directly, causing real money damage
- Common Trojan: backdoor program to monitor IM or other accounts, or a remote controller
- Game Trojan: hackers use it to steal game accounts and sell them for money

Advanced Hiding Technology
- Hide file: monitors the system API ZwQueryDirectoryFile and removes itself from the file list (API hook that modifies the result list: rootkit)
- Hide process: hooks the process list API EnumProcesses and removes itself from the result

Anti-Detection Techniques: core code encryption, packers, obfuscation

Prediction Solution for Enterprise
- Real-time security scan (both content and URL)
- IP overblock / domain overblock
- Outbound and inbound traffic scanning
- Reputation score
- Advanced detection