The Facebook PokerAgent Robert Lipovsky [email protected].

14
The Facebook PokerAgent Robert Lipovsky [email protected]

TAGS:

Transcript of The Facebook PokerAgent Robert Lipovsky [email protected].

Page 1: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

The Facebook PokerAgent

Robert [email protected]

Page 2: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

O čom si povieme...

• OnlineGames trojany• „Pokec Sniffer“• Ransomware• Android malware• Šedá zóna

Page 3: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

Facebook

• 1.11 Billion active users (March 2013)

• Malware use:• Distribution vector• Motive

Page 4: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

Win32/Delf.QCZ

• July 2011• Spread through Facebook & Vkontakte – improved social engineering• Removed AV in safe-mode• Backdoor, downloader

• Bitcoin mining, DDoS, malware distribution

Page 5: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

Like-jacking through Malicious Browser Plug-ins

Page 6: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

PokerAgent: Introduction

• Interesting binary:• Facebook• Zynga Poker• “PokerAgent”

• MSIL/Agent.NKY

• Active: Q4/2011 - Q1/2012• Most widespread: Israel

Page 7: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

PokerAgent: Overview

• Botnet: bots performed tasks• Extensive db of stolen Facebook

credentials

• Zynga Poker Stats• Linked Credit Card information• FB account phishing

• Trojan (probably) distributed through Facebook

Page 8: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

PokerAgent: Details

• Zynga Poker stats

http://facebook2.poker.zynga.com/poker/inc/ajax/profile_popup.php?zid=1:%_FACEBOOK_ID%&signed_request=%_SIGNATURE%&platform=1

Page 9: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

PokerAgent: Details

• Credit card info

https://secure.facebook.com/settings?tab=payments&section=methods

You have <strong>X</strong> payment methods saved.

Page 10: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

PokerAgent: Details

• Phishing• Tasks contained phishing URLs

Page 11: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

PokerAgent: Additional details

Page 12: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

PokerAgent: Modus Operandi

• Attacker’s motives:

• Harvest Facebook log on credentials• Check Facebook accounts for Poker stats and Credit Card

info

Page 13: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

PokerAgent: Investigation

• Active botnet monitoring

• 800+ infected bots• 16 194+ Facebook access credentials in database

• Cooperation with:• Israeli CERT• Israeli law enforcement• Facebook

Page 14: The Facebook PokerAgent Robert Lipovsky lipovsky@eset.sk.

Thank you…

[email protected]@eset.sk

WeLiveSecurity.comVirusRadar.com


Facebook (presentation on facebook)

Facebook (presentation on facebook)

CURRICULUM VITAE Julie Ann Lipovsky, Ph,D., ABPP (Clinical ... - jan 13.pdfHandbook of Behavior Therapy with Children and Adults: A Longitudinal Perspective, 236-247, Boston: Allyn

CURRICULUM VITAE Julie Ann Lipovsky, Ph,D., ABPP (Clinical ... - jan 13.pdfHandbook of Behavior Therapy with Children and Adults: A Longitudinal Perspective, 236-247, Boston: Allyn

facebook ' ükiQ o á facebook facebook ' facebook ... · facebook ' ükiQ o á facebook facebook ' facebook : : cmvkgaa@yahoo. com. hk ... Author: Office Created Date: 4/23/2013

facebook ' ükiQ o á facebook facebook ' facebook ... · facebook ' ükiQ o á facebook facebook ' facebook : : cmvkgaa@yahoo. com. hk ... Author: Office Created Date: 4/23/2013

FACEBOOK MARKETING FOR BUSINESS. Facebook Optimize Facebook Page Build Audience Setup Facebook Advertisement Facebook Page Insight.

FACEBOOK MARKETING FOR BUSINESS. Facebook Optimize Facebook Page Build Audience Setup Facebook Advertisement Facebook Page Insight.

A Study of Malicious Attacks on Facebook · A Study of Malicious Attacks on Facebook Maria Patricia Revilla, Anti-Malware Analyst Commtouch VirusLab Robert Sandilands, Director Commtouch

A Study of Malicious Attacks on Facebook · A Study of Malicious Attacks on Facebook Maria Patricia Revilla, Anti-Malware Analyst Commtouch VirusLab Robert Sandilands, Director Commtouch

Time Vision · 2018. 4. 27. · facebook facebook / for business . facebook / for business . facebook for business

Time Vision · 2018. 4. 27. · facebook facebook / for business . facebook / for business . facebook for business

Robert Lipovsky Anton Cherepanov - Black Hat …Robert_Lipovsky Anton Cherepanov Senior Malware Researcher @cherepanov74 Robert M. Lee CEO @RobertMLee Ben Miller Director, Threat Operations

Robert Lipovsky Anton Cherepanov - Black Hat …Robert_Lipovsky Anton Cherepanov Senior Malware Researcher @cherepanov74 Robert M. Lee CEO @RobertMLee Ben Miller Director, Threat Operations

Facebook without Facebook

Facebook without Facebook

Towards Semi-Automated Annotation for Prepositional Phrase Attachment Sara Rosenthal William J. Lipovsky Kathleen McKeown Kapil Thadani Jacob Andreas Columbia.

Towards Semi-Automated Annotation for Prepositional Phrase Attachment Sara Rosenthal William J. Lipovsky Kathleen McKeown Kapil Thadani Jacob Andreas Columbia.

Robert Murray Stamp Auction  · Web viewLinkedIn Google+ Facebook Our Website will still be the first port-of-call for most information, but the new Facebook and Google+ pages will

Robert Murray Stamp Auction  · Web viewLinkedIn Google+ Facebook Our Website will still be the first port-of-call for most information, but the new Facebook and Google+ pages will

d2xcq4qphg1ge9.cloudfront.net · Introduction to Facebook Ads: - Facebook Ads Vs. Google AdWords - Why Facebook Ads - Facebook Ads Setting - Facebook Billing Understanding Facebook

d2xcq4qphg1ge9.cloudfront.net · Introduction to Facebook Ads: - Facebook Ads Vs. Google AdWords - Why Facebook Ads - Facebook Ads Setting - Facebook Billing Understanding Facebook

MANATT, PHELPS & PHILLIPS, LLP ROBERT H. … Assocs. Inc. v. Cohen, ... Facebook, Inc. v. Grunin, ... Facebook, Inc. v. Power Ventures, Inc., 2010 WL 3291750 ...

MANATT, PHELPS & PHILLIPS, LLP ROBERT H. … Assocs. Inc. v. Cohen, ... Facebook, Inc. v. Grunin, ... Facebook, Inc. v. Power Ventures, Inc., 2010 WL 3291750 ...

Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky lipovsky@eset.sk.

Mobile Threats 2013: Android Malware & Vulnerabilities Robert Lipovsky [email protected].

The AP Art History Dinner Party - bremertonschools.org€¦ · facebook facebook facebook facebook facebook facebook facebook faceb facebook facebook facebook fi facebook f; facebook

The AP Art History Dinner Party - bremertonschools.org€¦ · facebook facebook facebook facebook facebook facebook facebook faceb facebook facebook facebook fi facebook f; facebook

facebook ' ükiQ o á facebook facebook ' facebook ... · facebook ' ükiQ o á facebook facebook ' facebook : : cmvkgaa@yahoo. com. hk . Author: Office Created Date: 4/23/2013 10:48:16

facebook ' ükiQ o á facebook facebook ' facebook ... · facebook ' ükiQ o á facebook facebook ' facebook : : cmvkgaa@yahoo. com. hk . Author: Office Created Date: 4/23/2013 10:48:16

ENVIRONMENTAL STUDIES OF THREE COLUMBIA RIVER … · ENVIRONMENTAL STUDIES OF THREE COLUMBIA RIVER ESTUARINE BEACHES by Joseph T. Durkin Sandy J. Lipovsky George R. Snyder Merritt

ENVIRONMENTAL STUDIES OF THREE COLUMBIA RIVER … · ENVIRONMENTAL STUDIES OF THREE COLUMBIA RIVER ESTUARINE BEACHES by Joseph T. Durkin Sandy J. Lipovsky George R. Snyder Merritt

Facebook Marketing | Facebook para empresas

Facebook Marketing | Facebook para empresas

Facebook, Robert Johnson

Facebook, Robert Johnson

YOUR COMMUNITYREDEFINE HEALTH IN - UMMC Home...clinical-scholars.org 2019.10.10 RWJF Clinical Scholars Program - Robert Wood Johnson Foundation Clinical Scholars on Facebook National

YOUR COMMUNITYREDEFINE HEALTH IN - UMMC Home...clinical-scholars.org 2019.10.10 RWJF Clinical Scholars Program - Robert Wood Johnson Foundation Clinical Scholars on Facebook National

Facebook education, Facebook Marketing

Facebook education, Facebook Marketing