Jose Miguel Esparza
Last known affiliation: Blueliv
Jose Miguel Esparza 🗣
Abstract:
Cybercriminals use different methods to distribute malware, like malicious advertisements, Exploit Kits, loaders or spam campaigns. Unless an attack is really targeted, the bad guys will try to infect as many computers as possible, and they need some automation for that. It is well known that they use botnets to distribute malware and create spam campaigns. Popular malware families like Necurs, Cutwail, Onliner Spambot or Emotet are examples of this kind of botnet, which are not usually analyzed deeply because we tend to focus on the final malware families which are spread, like bankers, stealers or RATs. This talk will focus on one of these malware families used to send spam, Onliner Spambot, explaining internal details about its different modules, its control panel, how it is checking and misusing stolen credentials, and about the threat actors who are operating it and selling it. Malware distribution is an interesting part of the cybercrime ecosystem and it is important to pay attention to those distribution botnets too.
Jose Miguel Esparza 🗣 | Frank Ruiz 🗣
Abstract:
Millions of computers are infected and become part of botnets every day. Our relatives and most of our friends are happily infected, but some of these bots are more important than others. Botnet herders are aware of that and when they don’t have enough resources they sell specific infections to other groups which will give these special systems the love they need. We call these systems “rough diamonds”. During this presentation we will give real examples about how some of these targeted attacks end up in credit card breaches and high-amount fraud transactions.
Jose Miguel Esparza 🗣
Abstract:
Andromeda, also known as Gamarue by some antivirus vendors, is a popular and modular bot active since 2011. It is normally used to spread additional malware, but sometimes, depending on the criminals, the main objective could be just stealing user credentials. After almost five years of life, its development has not stopped. The people behind it keep maintaining it and adding functionalities, like new anti-analysis routines, changes in the communication encryption, new request formats, etc.