Zeus Strike Back! – Upcoming Silver Tail Webinar
As I mentioned, we’ve been getting a ton of great feedback on the Dissecting Zeus webinar. Since that webinar, Silver Tail has been attacked by the criminals behind Zeus. In our next webinar, we’ll explain the attack, how it was detected, and what we’ve done to make sure our security standards will protect us from this type of attack going forward.
If you’re interested in hearing how the criminals behind Zeus respond to being exposed, definitely plan to attend. The webinar will be held on October 13 at 10am Pacific time. We’ll also be recording it in case that time is not convenient for you. If you’d like to attend, you can register here.
If you’ve seen the last two webinars, I should warn you that the October webinar will not have an update on the trials and tribulations of Aunt Sally, but hopefully we’ll be able to tell you more of her story soon.
Silver Tail chosen for SC Magazine Innovator Throwdown
Great news! Silver Tail is one of 10 companies selected to present at SC Magazine’s Innovators Throwdown!
The Innovators Throwdown is part of the SC Magazine SC World Congress. It will be held October 13-14 in NYC. Silver Tail is thrilled to be included in the Innovator Throwdown. If any of you will be in NYC that week and would like to get together, let us know.
Even more on Zeus
There has been a fair amount of interest in the Zeus blogs, so I thought I’d continue in that vein.
Bruce Schneier has an interesting article about how to beat second factor authentication. One of the methods he covers, the Trojan attack, is the approach Zeus uses to get past second factor authentication.
Trojan attack. Attacker gets Trojan installed on user’s computer. When user logs into his bank’s website, the attacker piggybacks on that session via the Trojan to make any fraudulent transaction he wants.
Bruce gives some examples and talks about how second factor authentication is not going to solve all identity theft problems. This is a worthwhile read if you want to know more about how bad guys are beating strong authentication.
Terminology for abuse of websites
At Silver Tail, we’ve been trying to determine the best way to characterize what we do. As everyone knows, it’s good to have a short, catchy (sexy) phrase that immediately evokes the appropriate connotation in everyone from customers to researchers to press to analysts.
Silver Tail detects and prevents “the abuse of legitimate website functionality”. That phrase is a mouthful. Jeremiah Grossman has called this “business logic abuse”. I’ve found that people seem to get that term, but it’s cumbersome and it often takes people a few minutes to understand it.
Another term we’ve come up with recently is “web logic abuse”. This has a few advantages. First, it’s shorter. Second, it is more accurate since we mainly protect websites.
So, I’ll pose a question to you, the reader. Which term do you prefer as a catch phrase for what we do? Feel free to post comments here or send me email. All feedback is welcome.
The Rise of Zeus, Part II
Brian Krebs has another fascinating piece today. This one details three different schools/school districts that had money stolen from their online bank accounts. In each case, the bad guys transferred the money out in small increments, but the total for each is quite large ($117k, $150k, and $189k).
While Zeus has not been identified as the means by which the criminals accessed the accounts, the modus operandi in all three cases sounds very similar to the Bullitt County, Kentucky case.
Brian’s article goes into detail on the mules and the recruitment scheme used for the mules. Just today I received an email asking if I wanted to be a “check processing agent” for an oil and gas company. I’m impressed by both how prevalent these scams are and how successful they seem to be (though being successful probably makes the scam even more prevalent).
Given that several of these have come to light recently, it makes me wonder how many of them haven’t hit the news yet!
The Rise of Zeus
Our webinar on Zeus was a resounding success! What has been interesting is that in the week since the webinar, there have been more and more news stories about Zeus and Zeus-like exploits and the havoc they wreak.
This article talks about how Zeus infections have exploded in the last couple of months.
Marking a consistent trend of increasing software vulnerabilities, threat rates during August jumped from July. Of 168 new vulnerabilities detected, 62 were reported to be actively exploited in the wild, with a large portion of these attacked vulnerabilities rated as critical.
This article is not specifically about Zeus, but the attacks it describes have a lot of Zeus-like characteristics.
“The old way was ‘smash and grab,’ where they’d find a database and the data they were looking for, download it, and leave,” Percoco says. “Today they’re going in and camping out for months or years. They’re learning those systems better than the IT admins running them.”
[Updated 9/10] There was another article posted today. Here Brian Krebs talks about $477k being stolen from a wrecking firm that used second factor authentication for their bank site.
Some types of malware, particularly a type of data-stealing Trojan horse program known as “Zeus,” allow the attackers to change the display of a bank’s login page as a victim is entering their credentials. For example, when a victim submits his one-time password along with his credentials, the malware may force the browser to return a counterfeit page (still showing the bank’s domain name in the URL bar) stating that the bank’s site is down for maintenance, please try back again in 15 minutes. Meanwhile, those credentials are not submitted to the bank but instead sent to the attackers.
If you are interested in learning more about Zeus, you can see details about the webinar and get access to the recording (including the slides) here.
Dissecting Zeus: See the recording of the webinar
We’ve been getting amazing feedback on our webinar – Dissecting Zeus: The #1 Banking Trojan. If you want to know more about this incredibly sophisticated, incredibly nasty trojan, you can get to the recording through this link.
Enjoy! Please feel free to post feedback to this forum.
