Information Systems Security
Contents
1. Distributed Denial of Service bulk transfer of spam e mail password sniffing etc C Karg Information Systems Security 3 Threats And Countermeasures Botnets Introduction Botnets Cont Attacker Botnet Herder Botnet Server Infected Hosts Bots termeasures Botnets Example Eurograbber Example Eurograbber e The Eurograbber attack was a sophisticated attack e The attack was multi dimensional and combined several types attacks such as social engineering and trojan horses e In order to perform a successful attack both the victim s PC and his mobile phone must be manipulated e Windows PCs Android and Blackberry smartphones were the primary targets C Karg Information Systems Security 3 Threats And Countermeasures Botnets Example Eurograbber Example Eurograbber Cont Dropzone Internet wT Step 1 Infecting the victim s systems Eurograbber Whitepaper C Karg Information Systems Security 3 Threats And Countermeasures Botnets Example Eurograbber Example Eurograbber Cont Step 1 Infecting the victim s PC and smartphone 1 By usage of a SPAM Email or a phishing webpage a special version of the Zeus trojan horse is installed on the victim s PC 2 After the victim logs into his online banking account the trojan horse injects a Javascript code The script pretends to perform a security2. Wiley 2004 J ERICKSON Hacking The Art of Exploitation No Starch Press 2007 e S HARRIS Gray Hat Hacking The Ethical Hacker s Handbook McGraw Hill 2008 e E KALIGE D BURKEy A Case Study of Eurograbber How 36 Million Euros was Stolen via Malware Versafe Check Point 2012 C Karg Information Systems Security 3 Threats And Countermeasures
3. deposit and transfers the money to the attacker s account 3 The bank sends a Transaction Authorization Number TAN to the victim s smartphone 4 The smartphone Trojan intercepts the TAN hides it from the victim and sends it to the drop zone 5 Der PC Trojan horse pulls the TAN from the drop zone and completes the transaction C Karg Information Systems Security 3 Threats And Countermeasures Botnets Example Eurograbber Example Eurograbber Cont Remarks e The complete transaction runs in the background this is the customer does not detect it e On each login a withdrawal is performed e Eurograbber earned at least 36 Million Euros e More than 30 000 bank customers from multiple banks across Europe were affected by the attack C Karg Information Systems Security 3 Threats And Countermeasures Botnets Example Eurograbber Example Eurograbber Cont Affected Banks per Country Germany 6 19 7 m Italy 16 50 m Netherlands 3 9 E Spain 7 22 Eurograbber Whitepaper C Karg Information Systems Security 3 Threats And Countermeasures Botnets Example Eurograbber Example Eurograbber Cont Va Affected Users per Country m Italy 11893 39 Germany 6130 20 Netherlands 940 3 E Spain 11352 38 Eurograbber Whitepaper C Karg Information Systems Security 3 Threats And Countermeasures Botnets
4. server and platform All these settings should be defined implemented and maintained as many are not shipped with secure defaults This includes keeping all software up to date 6 Sensitive Data Exposure Many web applications do not properly protect sensitive data such as credit cards tax ids and authentication credentials Attackers may steal or modify such weakly protected data to conduct identity theft credit card fraud or other crimes Sensitive data deserves extra protection such as encryption at rest or in transit as well as special precautions when exchanged with the browser C Karg Information Systems Security 3 Threats And Countermeasures 60 64 Web Application Issues Virtually all web applications verify function level access rights before making that functionality visible in the Ul However applications need to perform the same access control checks on the server when each function is accessed If requests are not verified attackers will be able to forge requests in order to access unauthorized functionality A CSRF attack forces a logged on victim s browser to send a forged HT TP request including the victim s session cookie and any other automatically included authentication information to a vulnerable web application This allows the attacker to force the victim s browser to generate requests the vulnerable application thinks are legitimate requests from the victim C Karg Information System
5. Example Eurograbber Example Eurograbber Cont a Italy Germany 12 862 109 Spain 5 872 635 Netherlands 1 172 889 Eurograbber Whitepaper g Information Systems Security 3 Threats And Countermeasures Botnets Countermeasures Countermeasures e Perform updates of your operating system and critical software such as web browser Adobe Flash Adobe Reader and Java e Use a virus scanner e Ignore all emails which ask for bank account information e Use Linux for online banking e Install only apps on your smartphone which are provided by the official app store C Karg Information Systems Security 3 Threats And Countermeasures Web Application Issues Web Application Issues e A web application is a combination of several applications such as a database and web browser e The parts of a web application are located on different hosts e The analysis of security issues of a web application may be a difficult task e The Open Web Application Security Project OWASP provides a Top Ten of security risks https www owasp org index php Top_10_2013 Top_10 C Karg Information Systems Security 3 Threats And Countermeasures Web Application Issues OWASP Top 10 Risks 2013 I 1 Injection Injection flaws such as SQL OS and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query The attacker s hostile data ca
6. Information File PIF via email Please see the attached file for details e Sobig created a file winmgm32 exe in the Windows system folder and modified the registry to execute this file on system start up e On execution Sobig sent an infected picture to each of the user s Outlook contacts e Sobig installed a key logger to sniff the user s passwords e The gathered information was sent periodically to geocities com C Karg Information Systems Security 3 Threats And Countermeasures Computer Viruses Countermeasures Countermeasures Preventive methods e Use an anti virus software and keep it up to date e Be careful when downloading software from the Internet e Restrict the user s access control to prevent modifications of system files e Use monitoring tools to observe the system critical files e Perform backups of your data or virtual machines Recovery methods e Use a cleaning software e Restore a backup which is not infected e If nothing other helps re install the operating system C Karg Information Systems Security 3 Threats And Countermeasures Worms Introduction Computer Worms e A computer worm is a program which is executable and able to reproduce itself e A worm consists of several code parts so called worm segments e The reproduction is done automatically usually by communication with other worm segments e Worms are spread via the Internet for instance by access of a mal
7. Information Systems Security Lecture 3 Threats And Countermeasures Prof Dr Christoph Karg Aalen University of Applied Sciences Department of Computer Science D 2 oO eee Hochschule Aalen O 0 2 D ee 11 10 2015 Learning Objective Learning Objective The goal of this lecture is to give an overview over common threats that may harm IT systems and their users In particular the following questions will be addressed e What is a buffer overflow e Who does a computer virus work e Which risks are associated with passwords e Which threats lurk in the Internet e What does phishing mean e Which threats do exist for web applications C Karg Information Systems Security 3 Threats And Countermeasures Overview Overview Programming Flaws gt Buffer overflows gt Heartbleed Bug e Malware Computer viruses Computer worms Trojan horses Weak passwords Phishing Botnets Web Application Issues C Karg Information Systems Security 3 Threats And Countermeasures Buffer Overflows Introduction Buffer Overflows e Usage of exploits caused by programming flaws e Point of interest software written in C or C e Starting point code fragments which use strcpy e strcpy uses byte value 0 as the end of string mark e Bad style copy a string without length check e Approach Overwrite memory with a string which contains malicious code C Karg Informa
8. ank com C Karg Information Systems Security 3 Threats And Countermeasures Usage Of Passwords Introduction Usage Of Passwords e Passwords are the most common method of authentification e Advantages Simple to generate Simple to use Cheap e Disadvantages Good passwords are hard to keep in mind Security does not depend solely on the user Password must be entered into the system C Karg Information Systems Security 3 Threats And Countermeasures Usage Of Passwords Example 1 Rock You Incident The RockYou Incident 2009 rockyou e RockYou was a webpage for social networking e Users had the possibility to save data from other accounts sch as MySpace or Facebook e RockYou s user database saved the passwords in plaintext e December 2009 SQL injection attack against RockYou e Consequence 32 millions of stolen passwords e An anonymized list of passwords was published e For more details see Techcrunch Link C Karg Information Systems Security 3 Threats And Countermeasures Usage Of Passwords Example 1 Rock You Incident Analysis Of The RockYou Passwords e 30 of the passwords had a length of at most 6 characters e 20 of the passwords were included in a dictionary with 5000 easy to be guessed passwords e 40 of the users chose passwords consisting only of lower case letters e Only 0 2 of the passwords fulfilled the following typical requirements gt Length of at least 8 ch
9. aracters gt Mixture of upper and lower case letters digits and special symbols For details see Imperva document C Karg Information Systems Security 3 Threats And Countermeasures Usage Of Passwords Example 1 Rock You Incident Passwords Frequently Used Rank Password Frequency Rank Password Frequency 1 123456 290731 11 Nicole 17168 2 12345 79078 12 Daniel 16409 3 123456789 76790 13 babygirl 16094 4 Password 61958 14 monkey 15294 5 iloveyou 51622 15 Jessica 15162 6 princess 35231 16 Lovely 14950 7 rockyou 22588 17 michael 14898 8 1234567 21726 18 Ashley 14329 9 12345678 20553 19 654321 13984 10 abc123 17542 20 Qwerty 13856 Top 20 of the passwords of RockYou users C Karg Information Systems Security 3 Threats And Countermeasures 37 64 Usage Of Passwords Example 2 Stolen IEEE Log Data Example 2 Stolen IEEE Log Data 2012 e Data breach at IEEE org in September 2012 e Log data of IEEE org was available publicly on an FTP server e Log data time span 1 August 2012 to 18 September 2012 e Gathered information gt Total number of log entries 376 021 496 gt Log entries with password details 411 308 gt 99 979 distinct username values e Consequence almost 100000 compromised users e Users from Apple Google IBM Oracle Samsung NASA Stanford university e For details see http ieeelog com C Karg Informatio
10. ction Blueprint Of A Virus A computer virus consists of the following parts 1 Identification gt information that marks an object as infected 2 Infection gt code which searches for objects which can be infected and copies the virus code 3 Malicious Code gt code which performs harmful activities such as password sniffing deleting the hard disk Note the execution may be triggered by the occurrence of a certain event Example on Friday 13th delete the system s hard disk 4 Host application starter gt code to execute the host application C Karg Information Systems Security 3 Threats And Countermeasures Computer Viruses Types of Viruses Types Of Viruses First generation e Program virus gt Virus is embedded in an executable file gt The host application must be started to execute the virus e Boot virus gt Virus infects the boot loader of the hard disk gt Virus is started at system start up Second generation e Macro virus gt The virus is part of a document such as an attachment of an email or a office document PDF spreadsheet gt The virus is executed on processing the document C Karg Information Systems Security 3 Threats And Countermeasures Computer Viruses Examples Example Sobig Virus Infos e Rapid spreading in 2003 e Infection of Windows operating systems e Usage of social engineering Functioning e Virus was transmitted as part of a Program
11. e Spam mails are also used for password phishing e Spamhaus project estimates that 95 of the e mail traffic in America and Europe is spam e Nucleus Research Each employee of a company in the U S receives 13 3 spam mails per day and spends 6 5 minutes per day on processing them financial damage of 120 millions USD in 2004 e Countermeasure Use a spam filter e But In an industrial environment automated processing of spam e mails is subject to legal restrictions C Karg Information Systems Security 3 Threats And Countermeasures Spam And Phishing Introduction Phishing Goal Get confidential access data directly from the user Approach e Setup a bogus web page for account recovery e Send an email with an message concerning the loss of the user s account data e Phish the account data through the web page Targets e Bank accounts e Credit card data e Web shop accounts e Accounts of social media platforms C Karg Information Systems Security 3 Threats And Countermeasures Spam And Phishing Examples Example 1 EBay Phishing Dear eBay Member We regret to inform you that your eBay account could be suspended if you don t re update your account information To resolve this problem please visit link below and re enter your account information https signin ebay comws eBaylSAP dil SignIn amp sid verify amp co_partnerld 2 amp siteid 0 If your problems could not be resolved your accou
12. e is derived from the war of Trojan saga of the Greek mythology e Trojan horses are threats for any part of a computer system e Common techniques Text processors which copy documents without authorization Databases which provide sensible informations to unauthorized persons System applications which grant unrestricted access to the attacker Software which scans for password data C Karg Information Systems Security 3 Threats And Countermeasures Trojan Horses Example Example Zeus Trojan horse e The Zeus Trojan horse is a malware to manipulate bank transfers e The code exists in several variations e The code contains stealth mechanisms to prevent detection by virus scanners e Windows is the main target e Mobile variants do exist for Android Blackberry Symbian and Windows Mobile C Karg Information Systems Security 3 Threats And Countermeasures Trojan Horses Countermeasures Countermeasures e Be careful while downloading software from the Internet e Restrict the user authorization as much as possible e Do not trust informations of untrustworthy origin e Do not store passwords and other confidential information in plain text e Use an external device to store confidential information C Karg Information Systems Security 3 Threats And Countermeasures Spam And Phishing Introduction Spam E Mails e Spam are e mails which contain junk or unsolicited commercial advertisements
13. icious web page e Common entry points are buffer overflows C Karg Information Systems Security 3 Threats And Countermeasures Worms Examples Example 1 ILOVEYOU e Spread by a Visual Basic script as an email attachment e f received with MS Outlook the script was automatically executed and sent an email to all contacts of the user e ILOVEYOU destroyed image audio and video files and searched for passwords on the local hard disk C Karg Information Systems Security 3 Threats And Countermeasures Worms Examples Example 2 Lovesan Blaster Worm e Goal Distributed Denial of Service DDoS attack on the server windowsupdate com e Infection by usage of a buffer overflow in the Windows DCOM RPC service e On 16 8 2003 a SYN flood attack should be performed Luckily Microsoft removed the DNS entry of the above server before this date C Karg Information Systems Security 3 Threats And Countermeasures Worms Countermeasures Countermeasures e Use anti virus and anti spyware software e Keep your system up to date Use a firewall and prevent unrestricted access from outside into your network e Use access control mechanisms C Karg Information Systems Security 3 Threats And Countermeasures Trojan Horses Introduction Trojan Horses e A Trojan horse is a piece of software where the real functionality deviates from the described functionality e The name of this kind of malwar
14. in account suspension Please update your records on or before August 30 2006 Once you have updated your account records your PayPal session will not be interrupted and will continue as normal To update your PayPal records click on the following link ihini 2 Thank You PayPal UPDATE TEAM amp nbsp Accounts Management As outlined in our User Agreement PayPal will periodically send you information about site changes and enhancements Visit our Privacy Policy and User Agreement if you have any questions Liven L com cgi bin w r p gen ua poli rivacy arg Information Systems Security Threats And Countermeasures Spam And Phishing e Battlenet Account Login Google Chrome BB dowe net Account Login DO custabla net cayrriognan or hess BATTLENET Need an account URL of this page http eu diablo net ca ym login in C Karg Information Systems Security Spam And Phishing mp Batile net Account Logn Google Chrome amp BATTLENET Need an account C Karg Information Systems Security Spam And Phishing Examples Countermeasures e Use a virus scanner e Use a web browser which is up to date e Use your brain gt Links in HTML mails and PDF documents might be bogus gt http www google com gt Serious companies do not request passwords or other confidential information via email e For a list of current phishing attacks take a look at http www phisht
15. n Systems Security 3 Threats And Countermeasures Usage Of Passwords Example 2 Stolen IEEE Log Data Most Used Passwords 300 E users 230 160 oe E 90 20 C Karg Information Systems Security 3 Threats And Countermeasures Usage Of Passwords Example 2 Stolen IEEE Log Data Most Used Passwords Cont Rank Password 123456 ieee2012 12345678 123456789 password library 1234567890 123 12345 1234 p WO CO NI OA A BY GO DO C Karg Information Systems Security 3 Threats And Countermeasures Usage Of Passwords Attacks Against Passwords Attacks Against Passwords e Password hashes can be used for a brute force attack e A modern PC can compute millions of hashes per second e The usage of rainbow tables speeds up things e Cloud services such as Amazon Elastic Cloud provide huge computation power for little money C Karg Information Systems Security 3 Threats And Countermeasures Usage Of Passwords Recommendations Recommendations e Properties of a good password gt Length of at least 8 characters gt Combination of upper and lower letters digits and special characters gt Does not include user name name of a dictionary or an email address e The quality of a password should depend of the importance of the information to be protected e Never use a password twice e Never give an important pas
16. n trick the interpreter into executing unintended commands or accessing unauthorized data 2 Broken Authentication and Session Management Application functions related to authentication and session management are often not implemented correctly allowing attackers to compromise passwords keys session tokens or exploit other implementation flaws to assume other users identities C Karg Information Systems Security 3 Threats And Countermeasures 58 64 Web Application Issues OWASP Top 10 Risks 2013 II 3 Cross Site Scripting XSS XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping XSS allows attackers to execute scripts in the victim s browser which can hijack user sessions deface web sites or redirect the user to malicious sites 4 Insecure Direct Object References A direct object reference occurs when a developer exposes a reference to an internal implementation object such as a file directory or database key Without an access control check or other protection attackers can manipulate these references to access unauthorized data C Karg Information Systems Security 3 Threats And Countermeasures Web Application Issues OWASP Top 10 Risks 2013 III 5 Security Misconfiguration Good security requires having a secure configuration defined and deployed for the application frameworks application server web server database
17. nt will be suspended for a period of 24 hours after this period your account will be terminated For the User Agreement Section 9 we may immediately issue a warning temporarily suspend indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you our users or us We may also take these actions if we are unable to verify or authenticate any information you provide to us Due to the suspension of this account please be advised you are prohibited from using eBay in any way This includes the registering of a new account Please note that this suspension does not relieve you of your agreed upon obligation to pay any fees you may owe to eBay Regards Safeharbor Department eBay Inc The eBay team This is an automatic message please do not reply Karg Information Systems Security Threats And Countermeasures Spam And Phishing Examples Example 2 Paypal Phishing Paypal Dear valued PayPal member It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website If you could please take 5 10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service However failure to update your records will result
18. r key to 148 35038534 Isabel wants pages about snakes but not too long User Karen wants to change account password to xkcd g Information Systems Security Threats And Countermeasures Heartbleed Bug Consequences Consequences HEARTBLEED MUST I MEAN THIS BUG ISNT IT S NOT JUST KEYS JUST BROKEN ENCRYPTION b xkcd C Karg Information Systems Security 3 Threats And Countermeasures Heartbleed Bug Consequences Consequences Cont e OpenSSL from version 1 0 1 to 1 0 1f contains the heartbleed bug e A large number of online services was affected by the heartbleed bug e The bug was patched with version 1 0 1g on 7 April 2014 e Bruce Schneier s remark Catastrophic is the right word On the scale of 1 to 10 this is an 11 For more details Schneier Heartbleed C Karg Information Systems Security 3 Threats And Countermeasures Computer Viruses Introduction Computer Viruses e A computer virus is a code fragment which needs an host program for execution e The virus infects other files with his code reproduction e The virus contains a part with malicious code which can cause severe damage to the host system e A mutant virus modifies his code during reproduction e The term computer virus was introduced by Adleman and Cohen in 1984 C Karg Information Systems Security 3 Threats And Countermeasures Computer Viruses Introdu
19. s Security 3 Threats And Countermeasures Web Application Issues OWASP Top 10 Risks 2013 V 9 Using Components with Known Vulnerabilities Vulnerable components such as libraries frameworks and other software modules almost always run with full privilege So if exploited they can cause serious data loss or server takeover Applications using these vulnerable components may undermine their defenses and enable a range of possible attacks and impacts 10 Unvalidated Redirects and Forwards Web applications frequently redirect and forward users to other pages and websites and use untrusted data to determine the destination pages Without proper validation attackers can redirect victims to phishing or malware sites or use forwards to access unauthorized pages C Karg Information Systems Security 3 Threats And Countermeasures 62 64 Summary Summary e Threats to IT systems exist since computers entered the mass market e The growing complexity of IT systems makes them harder to protect e Vulnerabilities of internet applications cause a threat on a large number of IT systems e Generally vulnerabilites cannot be prevented You have to react on upcoming exploits C Karg Information Systems Security 3 Threats And Countermeasures Summary References e J R VACCA Computer And Information Security Handbook Morgan Kaufman 2010 e B SCHNEIER Secrets And Lies Digital Security in a Networked World
20. sword to another user e Change your password frequently e Use a password safe to store your passwords C Karg Information Systems Security 3 Threats And Countermeasures Usage Of Passwords Recommendations Recommendations Cont oooc Ooooo0000cr e UNCOMMOI a Non ia ORDER Oe RD UNKNOWN pan 2 3 DAS AT TrQu bddor 3 1000 GUESSES sec Canela anot SHA ue RO YES CRACKING A STOLEN HASH 15 FASTER BUT 1th NOT WHAT THE AERAGE USER SHOUD LORRY ABOUT DIFFICULTY To GESS HUH BITS OF ENTROPY 1000 GUESSES sEC COMMON WORDS DIFFICULTY To Guess HARD WAS IT TROMBONE NO TROUGADOR AND ONE OF THE Os WAS A ZERO AND THERE WAS SOME SYMBOL v DIFFICULTY TO REMEMBER DIFFICULTY TO REMEMBER YOUVE ALREADY MEMORIZEO IT THROUGH 20 YEARS OF EFFORT WE VE SUCCESSFULLY TRAINED EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS To REMEMBER BUT EASY FoR COMPUTERS TO GUESS 3 Threats And Countermeasures xkcd arg Information Systems Security Botnets Introduction Botnets e A botnet is a collection of infected hosts which is controlled by a botnet server e The word bot is derived from robot e Botnets may consist of thousands of bots which are distributed over the whole world e The malicious code of a botnet is spread via viruses worms etc e A common way to control the bots is a communication over the Internet Relay Chat IRC e Types of attacks
21. tems Security 3 Threats And Countermeasures Heartbleed Bug Overview Heartbleed Bug e The heartbeat extension of the TLS protocol can be used to check whether a connection to a server still exists e Approach 1 The client sends a message together with its length to the server 2 The server sends the message back to the client e Heartbleed Bug gt The OpenSSL implementation of the heartbeat extension does not check whether the length of the message is equal to the given size gt If the size value is greater than the message length then the OpenSSL implementation returns parts of its internal memory C Karg Information Systems Security 3 Threats And Countermeasures Heartbleed Bug Explanation Explanation HOW THE HEARTBLEED BUG WORKS SERVER ARE YOU STILL THERE IF S0 REPLY POTATO 6 LETTERS J ser Meg wants these 6 letters POTATO iser Meg wants these 6 letters POTATO xkcd C Karg Information Systems Security 3 Threats And Countermeasures Heartbleed Bug Explanation Explanation Cont xkcd C Karg Information Systems Security 3 Threats And Countermeasures Heartbleed Bug Explanation Explanation Cont SERVER ARE YOU STILL THERE g IF SO REPLY HAT 500 LETTERS Meg wants these 500 letters HAT J Meg wants these 500 letters HAT HAT Lucas requests the missed conne ctions page Eve administrator wan ts to set server s maste
22. tion Systems Security 3 Threats And Countermeasures Buffer Overflows Funct OxFFFFFFFF Growth Data Segment Not protected by operating system Heap Protected by operating system 0x00000000 Systems Security 3 Threats And Count Buffer Overflows Functioning Stack Management e Each process manages its own stack e Function calls are managed with stack frames e A stack frame stores the parameters and local variables of the called function the return address of the calling function e Important registers Intel x86 32 Bit Extended base pointer ebp gt base of the current stack frame higher address Extended stack pointer esp gt top of the stack lower address C Karg Information Systems Security 3 Threats And Countermeasures Buffer Overflows Functioning Stack Manipulation correct stack manipulated stack Information Systems Security termeasures Buffer Overflows Countermeasures Countermeasures e Develop your software carefully e Use a programming language with advanced security features e Use safe libraries which offer security enhanced implementations of strcpy and friends e Do not disable the security mechanisms provided by your compiler and operating system e Use code analyzers to search for insecure code fragments e Use trusted versions of your operating system or enable additional security features C Karg Information Sys
23. update and asks for the victim s smartphone type and his phone number 3 The gathered information is stored in a drop zone and is used in the sequel C Karg Information Systems Security 3 Threats And Countermeasures Botnets Example Eurograbber Example Eurograbber Cont 4 After receiving the victim s phone number an SMS is sent to to the victim The SMS contains a link and instructs the victim to follow the link in order to install an app on his smartphone 5 At the same time the Trojan horse the victim s PC opens a manual providing a guide for the installation of the app just in case that the SMS was not received by the victim 6 After the installation the app generates a check number and instructs the victim to enter this number into the PC 7 At the end of the installation process the PC displays a success message C Karg Information Systems Security 3 Threats And Countermeasures Botnets Example Eurograbber Example Eurograbber Cont Mule Account C amp C Server Customer s Mobile Device ye Customer Eurograbber Step 2 Money withdrawal Eurograbber Whitepaper arg Information Systems Security 3 Threats And Countermeasures Botnets Example Eurograbber Example Eurograbber Cont Step 2 Money withdrawal 1 The victim logs into his online banking account 2 Immediately after the login the PC Trojan horse withdraws a percentage of the victim s
Download Pdf Manuals
Related Search