This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Anti-Malware - Knowledge Base"

From OWASP

Revision as of 15:34, 3 January 2012

Introduction

What is Banking Malware

How Banking malware deals with Web Application Security

Banking Malware Attack Process

A banking malware attack succeeds only if each of the following steps is completed in turn. We consider an attack successful when the attacker obtains a financial gain from the initial compromise of the client. The first two steps (infecting the client and hiding the infection) do not involve the bank's infrastructure; the later ones are tightly coupled to it, because attackers must use the functionality of the compromised online banking accounts to cash out.

Early Stages

From user infection to cash out (image missing)

Attack Interactions

This is a chain of required steps: the attacker must complete every one of them to turn the attack into monetary gain, so the process can be stopped at any level by breaking a single link. As in other areas, a defense in depth approach is recommended, with a control at each stage, so that the weakest link of each part of the attack is covered and the attacker has to get past all of them.

Details of Malware Attack Process

Infection of user clients and PCs
  • Exploitation of client-side vulnerabilities (during web browsing)
  • Spam (infection delivered via email)

Silent Banking

Hiding the infection and creating the persistent threat
  • Packers
  • Modded builds
  • Rootkits (and bootkits)

Human Assistance

Stealing of authentication credentials
  • Keylogging and form grabbing
  • Video grabbing
  • WebInjects

Storing of authentication credentials
  • Standard dropzone
  • Fast-flux based server
  • Instant messaging and P2P network

Hiding the operations
  • Data tunnelling
  • Modification of contact details
  • User interface restoring

Cashing out
  • Money transfer
  • Mobile phone charge
  • Pump and dump
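The WebInjects and user interface restoring items above both come down to the malware rewriting bank pages inside the victim's browser. The Python below is an added example, not code from the original page or from any of the malware families it lists: it parses two constructed rules written in the publicly documented Zeus/SpyEye webinjects.txt syntax (set_url, data_before, data_inject, data_after, data_end), applies them to a constructed login page and account page the way a browser hook would (one rule adds an "ATM PIN" field, the other restores the balance the user expects to see), and then shows the server-side check a bank can run when the client reports its rendered form back: comparing the field names rendered on the client against the field names the server actually sent. The bank domain, field names, page HTML and rule contents are all assumptions.

```python
"""Added example: Zeus-style webinject rules applied to constructed bank pages,
plus the server-side field check that detects the injected input."""
import re
from html.parser import HTMLParser

# Constructed rules in the publicly documented Zeus/SpyEye webinjects.txt
# syntax. Domain, field names and HTML are assumptions for this example.
WEBINJECTS = """\
set_url https://online.bank.example/login* GP
data_before
<input type="password" name="password"*>
data_end
data_inject
<br/>ATM PIN: <input type="text" name="atmpin"/>
data_end
data_after
data_end

set_url https://online.bank.example/accounts* G
data_before
<span id="balance">
data_end
data_inject
1,250.00
data_end
data_after
</span>
data_end
"""

# Constructed pages exactly as the bank's server sends them.
LOGIN_PAGE = ('<form method="post" action="/login">'
              '<input type="text" name="username">'
              '<input type="password" name="password" autocomplete="off">'
              '<button>Log in</button></form>')
ACCOUNTS_PAGE = '<p>Balance: <span id="balance">250.00</span></p>'
SERVER_LOGIN_FIELDS = {"username", "password"}


def parse_webinjects(text):
    """Parse set_url blocks into dicts with mask, flags, before, inject, after."""
    rules, current, section, buf = [], None, None, []
    for line in text.splitlines():
        if line.startswith("set_url "):
            parts = line.split()
            current = {"mask": parts[1], "flags": parts[2] if len(parts) > 2 else "",
                       "before": "", "inject": "", "after": ""}
            rules.append(current)
        elif line in ("data_before", "data_inject", "data_after"):
            section, buf = line[len("data_"):], []
        elif line == "data_end" and section is not None:
            current[section] = "\n".join(buf)
            section = None
        elif section is not None:
            buf.append(line)
    return rules


def mask_to_regex(mask):
    """'*' is the only wildcard, in URL masks and in data_before/data_after."""
    return ".*?".join(re.escape(part) for part in mask.split("*"))


def apply_webinjects(url, method, html, rules):
    """Rewrite html the way the malware's browser hook would for this request."""
    for r in rules:
        if not re.fullmatch(mask_to_regex(r["mask"]), url):
            continue
        if method[0] not in r["flags"]:        # flags: G = GET, P = POST
            continue
        m_before = re.search(mask_to_regex(r["before"]), html, re.S)
        if not m_before:
            continue
        start = m_before.end()
        end = start                            # empty data_after: insert only
        if r["after"]:
            m_after = re.search(mask_to_regex(r["after"]), html[start:], re.S)
            if not m_after:
                continue
            end = start + m_after.start()      # replace everything up to data_after
        html = html[:start] + r["inject"] + html[end:]
    return html


class _FieldCollector(HTMLParser):
    """Collect the name attributes of the form controls in a page."""
    def __init__(self):
        super().__init__()
        self.names = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            name = dict(attrs).get("name")
            if name:
                self.names.add(name)


def form_field_names(html):
    collector = _FieldCollector()
    collector.feed(html)
    return collector.names


def unexpected_fields(rendered_html, server_fields):
    """Field names present in what the client rendered but never sent by the
    server. A non-empty result is a webinject indicator."""
    return form_field_names(rendered_html) - set(server_fields)


if __name__ == "__main__":
    rules = parse_webinjects(WEBINJECTS)
    login = apply_webinjects("https://online.bank.example/login", "GET", LOGIN_PAGE, rules)
    accounts = apply_webinjects("https://online.bank.example/accounts", "GET", ACCOUNTS_PAGE, rules)
    print(login)
    print(accounts)
    print("unexpected fields:", unexpected_fields(login, SERVER_LOGIN_FIELDS))
```

The field check only works if the bank has an independent view of what the client rendered (a script the bank ships that posts the form's field names back, or a fraud-detection agent); a webinject that also patches that script defeats it, which is why the check belongs alongside, not instead of, transaction-bound authentication.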

Banking Malware Families

Silent Banker

Adrenaline

Zeus

Limbo/Nethell

Torpig/Sinowal/Mebroot

Banking Provided Security Measures

Password

TAN (Gridcard, Scratch Card)

OTP (Time Based, Click Based)

CAP (Random Nonce, Challenge Response)

SMS Challenges

Cellphone Caller-ID
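The OTP and CAP measures listed above differ in what the code is bound to, and that is what decides whether they survive the malware described on this page. The Python below is an added example, not the page's or any bank's implementation: it implements HOTP (RFC 4226, the click-based OTP) and TOTP (RFC 6238, the time-based OTP), then a simplified transaction-bound challenge-response in the style of a CAP "sign" mode (an HMAC over the bank's challenge, the destination account and the amount; an illustrative construction, not the EMV CAP algorithm), and walks through a man-in-the-browser scenario in which the malware rewrites the transfer after the user has approved it. The shared secret is the RFC test-vector secret; the account identifiers, amounts and challenge value are constructed.

```python
"""Added example: HOTP/TOTP one-time codes versus a transaction-bound
challenge-response, and why only the latter survives a man-in-the-browser."""
import hashlib
import hmac
import struct

# Constructed shared secret (the RFC 4226 / RFC 6238 test-vector secret).
SECRET = b"12345678901234567890"


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: 31-bit window selected by the last nibble."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP (click-based OTP): HMAC-SHA1 over an 8-byte counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (time-based OTP): HOTP with counter = floor(time / step)."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check allowing +/- window steps of clock skew, constant-time compare.
    Note what is NOT an input here: nothing about the transaction being approved."""
    return any(hmac.compare_digest(totp(secret, unix_time + k * 30), code)
               for k in range(-window, window + 1))


def transaction_response(secret: bytes, challenge: str, dest_account: str,
                         amount_cents: int, digits: int = 8) -> str:
    """Simplified CAP-style 'sign' mode: the response covers the bank's challenge
    (a nonce) AND the transaction details the user reads on the token's display.
    Illustrative construction, not the EMV CAP algorithm."""
    msg = f"{challenge}|{dest_account}|{amount_cents}".encode()
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest(), digits)


def mitb_scenario(secret: bytes, unix_time: int):
    """User approves 100.00 to ACC-1; the malware rewrites the submitted transfer
    to 5000.00 to MULE-9 after approval (identifiers and amounts constructed).
    Returns (accepted_with_totp, accepted_with_transaction_signing)."""
    shown_to_user = ("ACC-1", 10_000)
    submitted_by_malware = ("MULE-9", 500_000)
    challenge = "7f3a9c"                      # nonce chosen by the bank

    # TOTP: the server verifies only the code; the transfer details are not part
    # of the verification, so the rewritten transfer goes through.
    totp_ok = verify_totp(secret, totp(secret, unix_time), unix_time)

    # Transaction signing: the user's token computed the response over what was
    # displayed; the server recomputes it over what actually arrived.
    user_response = transaction_response(secret, challenge, *shown_to_user)
    server_expected = transaction_response(secret, challenge, *submitted_by_malware)
    sign_ok = hmac.compare_digest(user_response, server_expected)
    return totp_ok, sign_ok


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(SECRET, 0))            # RFC 4226 vector: 755224
    print("TOTP at t=59 :", totp(SECRET, 59, digits=8))  # RFC 6238 vector: 94287082
    print("MitB (totp accepted, signing accepted):", mitb_scenario(SECRET, 1_325_601_240))
```

The same reasoning applies to TAN grids and SMS challenges: a code that is valid for "the next transaction" is accepted for whatever transaction the malware substitutes, whereas a code that covers the destination and amount the user actually read cannot be reused for a different transfer.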

Threat Modeling for Banking Malware Attacks

Enumerate the interesting targets

Define the path to the targets (Transition graphs)

Apply trust boundaries (security measures)

Define the weaknesses of the security measures adopted

Security Rating
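The five threat-modeling steps above, applied to the attack chain described earlier on this page, as an added example that is not from the original page: the stages and techniques are taken from the attack process list, the trust boundary is the set of bank-provided authentication measures, and the table of which technique gets past which measure is a modelling assumption stated in the code (for example, that a webinject relays a time-based OTP in real time, while a CAP challenge-response bound to the transaction details survives every technique listed). The security rating is the fewest measures left standing on any complete path from infection to cash out; zero means the attack goes through, which is the "stop the chain at any level" argument made earlier in numbers.

```python
"""Added example: the page's threat-modeling steps applied to the banking
malware attack chain. Stages and techniques are from the page; the BYPASSES
table is a modelling assumption."""
from itertools import product

# Step 1 - enumerate the targets: what the attacker must obtain at each stage,
# with the techniques this page lists for getting it.
STAGES = [
    ("infection", ["client-side exploit", "spam"]),
    ("persistence", ["packer", "modded build", "rootkit"]),
    ("credential theft", ["keylogging/form grabbing", "video grabbing", "webinject"]),
    ("cash out", ["money transfer", "mobile phone charge", "pump and dump"]),
]

# Steps 3 and 4 - the measures at the bank's trust boundary and the techniques
# ASSUMED (for this model) to defeat each one.
BYPASSES = {
    "static password": {"keylogging/form grabbing", "video grabbing", "webinject"},
    "time-based OTP": {"webinject"},               # relayed live by a MitB
    "CAP challenge-response (transaction-bound)": set(),  # covers amount + destination
}


def attack_paths():
    """Step 2 - transition graph: every walk taking one technique per stage."""
    return list(product(*(techs for _, techs in STAGES)))


def surviving_controls(path, controls):
    """Measures on this path that none of its techniques bypasses."""
    used = set(path)
    return [c for c in controls if not (BYPASSES[c] & used)]


def rate(controls):
    """Step 5 - security rating: fewest surviving measures over all paths
    (0 = the attack goes through), with the weakest path itself."""
    weakest = min(attack_paths(), key=lambda p: len(surviving_controls(p, controls)))
    return len(surviving_controls(weakest, controls)), weakest


def report(controls):
    score, path = rate(controls)
    return f"{score} measure(s) left on weakest path: {' -> '.join(path)}"


if __name__ == "__main__":
    for deployed in (["static password"],
                     ["static password", "time-based OTP"],
                     ["static password", "time-based OTP",
                      "CAP challenge-response (transaction-bound)"]):
        print(deployed, "=>", report(deployed))
```

Adding a measure only raises the rating if the weakest path does not already contain a technique that bypasses it; in this model a time-based OTP adds nothing against the webinject path, which is exactly the weakness the fourth step asks you to write down.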
