Brett Stone-Gross
Ryan Abman
Richard A. Kemmerer
Christopher Kruegel
Douglas G Steigerwald
Presentation [PDF]
Twitter transcript
#weis2011 presenting analysis of *actual* data from 21 servers from 3 multi-million $ fake a/v ops!!! < #spiffy
#weis2011 showing example of fake a/v exploit that was embedded in HTML. good walkthrough. useful slides for an orgs tech ed/brown bag sessn
#weis2011 good/succinct survey of techniques blackhat seo, annoying popups, preying on user naivete.
#weis2011 great graphic on the flow of the money trail in fake a/v. Brett & his colleagues paid attention to detail.
#weis2011 talking about affiliate programs (think amazon associates but for bad guys) & webmoney (evil bitcoins).
#weis2011 189K sales; $11mil in 3mos!! 8.4m installs. conversion rate 2.4% (wow). if it had not been stopped, fy net $ wld be 45mil!
#weis2011 comparing campaigns & operations. the choice in malicious hosting provider is key. downtime reduces profits. #timeforMalCloud?
#weis2011 fake a/v providers actually give refunds to help avoid bank fraud detection. Refund rates between 3-9%.
#weis2011 now showing their economic statistical models (and plugging real data into them) and the back-end infrastructure that runs the biz
#weis2011 (me) the bad guys have better metrics, better partnerships & rely on naivete of users. the good guys don't share anything w/anyone
#weis2011 the threshold for payment processors to terminate a bad account is when bad transactions (chargbacks) hit 10%. virt no incentive
