Wednesday 24 September 14:30 - 15:00, Green room.
Jean-Ian Boutin, ESET
Webinject files are now ubiquitous in the banking trojan world to aid financial fraud. What started as private and malware-family-dependent code has now blossomed into a full ecosystem where independent coders are selling their services to botnet herders. This specialization phenomenon can be observed in underground forums, where we see a growing number of offers of fully functional webinject packages providing all the functionalities required to bypass the latest security measures implemented by financial institutions.
Our research covers the current webinject scene and its commoditization. We will take a look back and show how it has evolved over time, going from simple phishing-like functionalities to automatic transfer systems (ATS) and two-factor authentication bypass, along with mobile components and fully fledged web control panels to manage money exfiltration through fraudulent money transfers.
Nowadays, a piece of malware that can inject arbitrary HTML content into a browser is all that is needed by a resourceful botmaster, as he can now outsource practically every other step required to perform a successful fraudulent financial transfer.
This is confirmed by our recent observation of several malware families using the same webinject kits. Our research will try to answer the question: will we see a consolidation phase leading to the emergence of a few select omnipresent webinject kits, similar to what we have seen in the web exploit kit scene?
Jean-Ian Boutin is a malware researcher in the Security Intelligence program at ESET. In his position, he is responsible for investigating trends in malware and finding effective techniques to counter new threats. He has presented at several security conferences, including Virus Bulletin, CARO and ZeroNights. Jean-Ian completed his Master's degree in computer engineering at Concordia University in Montreal in 2009. His main interests include investigation of information-stealing malware, and threats targeting specific regions. When not at a computer keyboard, he enjoys playing the piano.