Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database...
Transcript of Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database...
![Page 1: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/1.jpg)
1
Mikko Hypponen Chief Research Officer, F-Secure
Mikko Hypponen Chief Research Officer, F-Secure
![Page 2: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/2.jpg)
2
F-Secure Corp
![Page 3: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/3.jpg)
![Page 4: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/4.jpg)
4
We used to be fighting these...
Chen-Ing HauAuthor of the CIH virus
Joseph McElroyHacked the Fermi lab network
Jeffrey ParsonAuthor of Blaster.C
![Page 5: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/5.jpg)
5
Today we are fighting these!
Jeremy JaynesMillionaire,and a spammer
Jay EchouafniCEO,and a DDoS attacker
Andrew SchwarmkoffMember of Russian mob, and a phisher
![Page 6: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/6.jpg)
6
Today we are fighting these!
Jeremy JaynesMillionaire,and a spammer
Jay EchouafniCEO,and a DDoS attacker
Andrew SchwarmkoffMember of Russian mob, and a phisher
![Page 7: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/7.jpg)
7
Does anybody buy from spam?
![Page 8: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/8.jpg)
8
![Page 9: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/9.jpg)
9
Direct spam
Spammer
Ed
Bob
Lisa
Jack
Mary
?#%$!??#%$!?
?#%$!??#%$!?
?#%$!?
?#%$!?
?#%$!??#%$!?
?#%$!??#%$!?
![Page 10: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/10.jpg)
10
Spam through Proxy
Spammer
Ed
Bob
Lisa
Jack
Mary
Peter
(Zombie / Proxy)
?#%$!??#%$!?
?#%$!??#%$!?
?#%$!?
?#%$!?
?#%$!??#%$!?
?#%$!??#%$!?
![Page 11: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/11.jpg)
![Page 12: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/12.jpg)
![Page 13: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/13.jpg)
13
![Page 14: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/14.jpg)
14
![Page 15: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/15.jpg)
15
![Page 16: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/16.jpg)
16
Send-safe
![Page 17: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/17.jpg)
17
Jeremy JaynesMillionaire,and a spammer
Jay EchouafniCEO,and a DDoS attacker
Andrew SchwarmkoffMember of Russian mob, and a phisher
![Page 18: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/18.jpg)
![Page 19: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/19.jpg)
![Page 20: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/20.jpg)
![Page 21: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/21.jpg)
![Page 22: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/22.jpg)
22
![Page 23: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/23.jpg)
23
![Page 24: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/24.jpg)
24
![Page 25: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/25.jpg)
25
http://www.f-secure.com/weblog
![Page 26: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/26.jpg)
26
![Page 27: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/27.jpg)
27
![Page 28: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/28.jpg)
28
![Page 29: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/29.jpg)
29
Jeremy JaynesMillionaire,and a spammer
Jay EchouafniCEO,and a DDoS attacker
Andrew SchwarmkoffMember of Russian mob, and a phisher
![Page 30: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/30.jpg)
30
![Page 31: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/31.jpg)
31
![Page 32: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/32.jpg)
32
![Page 33: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/33.jpg)
33
![Page 34: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/34.jpg)
34
So, what does phishing have to do with viruses?
Not much
Until we started monitoring some later variants of the Bagle worm
Turns out the machines eventually download an email proxy
And the mails sent through the infected machines turned out to be...
![Page 35: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/35.jpg)
35
![Page 36: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/36.jpg)
36
BankAsh.E
Found on March 28th
Shows a fake bank web page whenever uses accesses:web.da-us.citibank.com/cgi-bin/citifi/scripts/login2/login.jspwww.bankofscotlandhalifax-online.co.uk/_mem_bin/UMLogonVerify.aspwww.halifax-online.co.uk/demos/public/umdemoengine.aspwww.ebank.hsbc.com.hk/servlet/onlinehsbcwww.iblogin.com/servlet/XCServlet;jsessionidwww.national.com.au/cgi-bin/7614_1.plwww.bpinet.pt/verificaMCF.aspsec.westpactrust.co.nz/IOLB/csReqolb.westpac.com.au/ib/asp/login/bsd_lgvalidate.aspwww.halifax-online.co.uk/_mem_bin/UMLogonVerify.aspwww.rbsdigital.com/secure/default.aspwww.nwolb.com/secure/default.aspolb2.nationet.com/MyAccounts/frame_MyAccounts_WP2.asponline.lloydstsb.co.uk/logon.ibcibank.cahoot.com/Aquarius/web/en/core_banking/log_in/frameset_top_log_in.html ibank.barclays.co.uk/fp/1_2h/online/1,31705,,00.htmlmyonlineaccounts2.abbeynational.co.uk/CentralLogonWeb/Logon?action=logonwww.ebank.hsbc.co.uk/logonindex.jsp
![Page 37: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/37.jpg)
37
Hacker stole an undisclosed amount of the database with 8 million credit card numbers
BJs.com
Unknown attacker stole 13,000 credit card numbers over the net. Total number of cards in the system: 22,000.
US Navy
Over 8 million Visa, AMEX, Mastercard and Discovery numbers stolen from a credit card brokerage.
Dpicorp.com
Russian hacker "Maxus" stole 350,000 credit card numbers and posted them to a public web page.
CDUniverse.com
Hacker stole over 15,000 credit card numbers and apparently soldthem.
Westernunion.com
Hacker stole 55,000 credit card numbers. He asked for a ransom and when it wasn't met, he posted the numbers to a public web page.
Creditcards.com
Over 3,700,000 customers had to change their credit cards after a break-in.
Egghead.com
Hacker stole a database containing 350,000 customers and asked for a $45,000 ransom.
Ecount.com
The whole customer database stolen. Hacker sent e-mail about this to all customers.
Playboy.com
![Page 38: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/38.jpg)
38
![Page 39: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/39.jpg)
39
Case Slacke
![Page 40: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/40.jpg)
40
![Page 41: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/41.jpg)
41
Cabir is spreadingin the wild .
Cabir was found in June 2004
First in-the-wild report from Philippines in August 2004
SingaporeUAEChinaIndiaFinlandVietnamTurkeyRussiaUKItalyUSAJapan
Hong KongFranceSouth AfricaAustraliaThe NetherlandsEgyptLuxembourgNew ZealandSwitzerland
![Page 42: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/42.jpg)
42
Skulls.DSkulls.D
![Page 43: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/43.jpg)
![Page 44: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/44.jpg)
![Page 45: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/45.jpg)
![Page 46: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/46.jpg)
46
![Page 47: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/47.jpg)
http://www.f-secure.com/weblog
![Page 48: Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit](https://reader033.fdocuments.net/reader033/viewer/2022060710/6075ff287e7c8938cd1b4690/html5/thumbnails/48.jpg)
48United Kingdom
10/04
United States
11/04
Sweden
11/04
United States
12/04
Finland
04/05
United Kingdom
02/05
Italy
12/04
United Kingdom
03/05
F-Secure Awards
Italy
12/04
Excellent
UK
04/05
Norway
04/05
Serbia
04/05
Spain
04/05
Austria
04/05