Presentation is loading. Please wait.

Presentation is loading. Please wait.

Greetings from Finland F-Secure Corp We used to be fighting these... Chen-Ing Hau Author of the CIH virus Joseph McElroy Hacked the Fermi lab network.

Published byMiguel Carroll Modified over 11 years ago

Similar presentations

Presentation on theme: "Greetings from Finland F-Secure Corp We used to be fighting these... Chen-Ing Hau Author of the CIH virus Joseph McElroy Hacked the Fermi lab network."— Presentation transcript:

1

2 Greetings from Finland

3 F-Secure Corp

4 We used to be fighting these... Chen-Ing Hau Author of the CIH virus Joseph McElroy Hacked the Fermi lab network Benny Ex-29A

5 Today we are fighting these! Jeremy Jaynes Millionaire, and a spammer Jay Echouafni CEO, and a DDoS attacker Andrew Schwarmkoff Member of Russian mob, and a phisher

6

7 Mon 8.3.2004:Netsky.J Mon 8.3.2004:Netsky.K Tue 9.3.2004: Bagle.L Wed 10.3.2004: Netsky.L Thu 11.3.2004: Netsky.M Tue 11.3.2004: Bagle.M Thu 13.3.2004: Bagle.N Thu 13.3.2004: Bagle.O Sat 15.3.2004: Bagle.P Mon 17.3.2004: Netsky.O Tue 18.3.2004: Bagle.Q Thu 18.3.2004: Bagle.R Thu 18.3.2004: Bagle.S Thu 18.3.2004: Bagle.T Sun 21.3.2004: Netsky.P Fri 26.3.2004: Bagle.U Mon 29.3.2004: Bagle.V Mon 29.3.2004: Netsky.Q Wed 31.3.2004: Netsky.R Mon 5.4.2004: Netsky.S Mon 5.4.2004: Bagle.W Tue 6.4.2004: Netsky.T Thu 8.4.2004: Netsky.U Tue 13.4.2004:Mydoom.I Wed 14.4.2004: Netsky.V Thu 15.4.2004: Netsky.W Fri 16.4.2004:Mydoom.J Mon 19.4.2004: Netsky.X Tue 20.4.2004: Netsky.Y Wed 21.4.2004: Netsky.Z Fri 23.1.2004: Bagle.A Tue 27.1.2004: Mydoom.A Mon 16.2.2004: Netsky.A Mon 16.2.2004: Mydoom.E Tue 17.2.2004: Bagle.B Wed 18.2.2004: Netsky.B Tue 24.2.2004: Mydoom.F Wed 25.2.2004: Netsky.C Fri 27.2.2004: Bagle.C Sat 28.2.2004: Bagle.D Sat 28.2.2004: Bagle.E Sun 29.2.2004: Netsky.D Mon 1.3.2004: Bagle.F Mon 1.3.2004: Bagle.G Mon 1.3.2004: Netsky.E Tue 2.3.2004: Bagle.H Tue 2.3.2004: Bagle.I Tue 2.3.2004: Netsky.F Tue 2.3.2004: Bagle.J Wed 3.3.2004: Mydoom.G Wed 3.3.2004: Bagle.K Wed 3.3.2004: Mydoom.H Thu 4.3.2004: Netsky.G Fri 5.3.2004: Netsky.H Sun 7.3.2004:Netsky.I

8 Bagle Mydoom Netsky Sasser Korgo Sober Bagle Mydoom Netsky Sasser Korgo Sober

9 Case Sobig / 2003 Series of email worms released roughly a month apart Variant Found Expires ____________________________________________ Sobig.A January 9th Never Sobig.B May 18th May 31st Sobig.C May 31st June 8th Sobig.D June 18th July 2nd Sobig.E June 25th July 14th Sobig.F August 19th Sept 10th ____________________________________________

10 Case Sobig All variants we're connected to spamming All downloaded and installed an email proxy Some of the variants we're very succesful One variant was the biggest email outbreak ever

11 Direct spam Cheap Viagra, loans and Rolexes Inc. (Spammer) Ed Bob Lisa Jack Mary ?#%$!? ?#%$!? ?#%$!? ?#%$!? ?#%$!?

12 Spam through Proxy Cheap Viagra, loans and Rolexes Inc. (Spammer) Ed Bob Lisa Jack Mary Peter (Proxy) ?#%$!? ?#%$!? ?#%$!? ?#%$!? ?#%$!?

13 Risk & Reward Few weeks after Sobig.F outbreak, Microsoft started the bounty program $250,000 offered for information leading to the arrest of the author Sobig Manhunt started With no results And nothing happened...

14 Then, in October 2004... Somebody send us a report Which was made by an anonymous party Called "WhoWroteSobig.pdf"WhoWroteSobig.pdf

15 About WhoWroteSobig.pdf - Written by anonymous source - Verifiable by a PGP signature - Uses technical analysis to prove the author of the worm - 48 pages

16 Main arguments Claims that Sobig was written by a Mr. Ruslan Ibragimov / Send- Safe team from Russia Send-Safe uses proxies – created by Sobig Release times of Sobig match release times of Send-Safe The code of Send-Safe and Sobig are Similar

17

18

19 Send-safe

20 Coreflood Sobig.F Send-Safe v2.19 Comparing Sobig and Send-safe visually Sobig.E (embedded PDFs, click to open)

21 Case Cabir First real mobile phone virus Found in June 2004 Proof-of-concept By 29A Spreads via Bluetooth Kinda like the flu

22 Cabir is spreading in the wild. Cabir was found in June It was thought not to be in the wild In August, we got unconfirmed reports from Philippines Last month, we got first confirmed reports from Singapore New Reports also from: UAE China India Finland!

23 Case Skulls New trojan for Symbian Found last week Kills your apps Very hard to get rid of

24 Nokia 6670 and 7710 First phones in history to contain antivirus by default

25

26 Thank you!

27 United Kingdom 10/03 United Kingdom 05/04 Sweden 11/03 Sweden 03/03 United Kingdom 03/04 and 02/04 Finland 02/04 Germany 04/03 Germany 05/04 United Kingdom 01/04 PC Pro Norway 05/04 F-Secure Awards

Download ppt "Greetings from Finland F-Secure Corp We used to be fighting these... Chen-Ing Hau Author of the CIH virus Joseph McElroy Hacked the Fermi lab network."

Similar presentations

Accredited Supplier Communications Plan FY09-10 Q1 to Q4 May 2009, v2.0 Home Access Marketing & Stakeholder Engagement Team.

Accredited Supplier Communications Plan FY09-10 Q1 to Q4 May 2009, v2.0 Home Access Marketing & Stakeholder Engagement Team.
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
Feichter_DPG-SYKL03_Bild-01. Feichter_DPG-SYKL03_Bild-02.

Feichter_DPG-SYKL03_Bild-01. Feichter_DPG-SYKL03_Bild-02.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Working with MS-ACCESS IS 240 – Database Management Lecture #2 – 2004-01-20 Assoc. Prof. M. E. Kabay, PhD, CISSP Norwich University

Working with MS-ACCESS IS 240 – Database Management Lecture #2 – Assoc. Prof. M. E. Kabay, PhD, CISSP Norwich University
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley

Author: Julia Richards and R. Scott Hawley
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 38.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 38.
Chapter 1 Image Slides Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Chapter 1 Image Slides Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
My Alphabet Book abcdefghijklm nopqrstuvwxyz.

My Alphabet Book abcdefghijklm nopqrstuvwxyz.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Addition Facts 1 - 20.

Addition Facts
Year 6 mental test 10 second questions

Year 6 mental test 10 second questions
2010 fotografiert von Jürgen Roßberg © 2009. Fr 1 Sa 2 So 3 Mo 4 Di 5 Mi 6 Do 7 Fr 8 Sa 9 So 10 Mo 11 Di 12 Mi 13 Do 14 Fr 15 Sa 16 So 17 Mo 18 Di 19.

2010 fotografiert von Jürgen Roßberg © Fr 1 Sa 2 So 3 Mo 4 Di 5 Mi 6 Do 7 Fr 8 Sa 9 So 10 Mo 11 Di 12 Mi 13 Do 14 Fr 15 Sa 16 So 17 Mo 18 Di 19.

Similar presentations

Ads by Google