Unveiling One of the World's Biggest and Oldest Cybercrime Gangs-Asprox

Presented at Hackfest 2016, Nov. 5, 2016, 10 a.m. (Unknown duration)

Existing research on the Asprox actor has focused primarily on the malware they spread, but little has been published on who they are, how they operate and spread malware, and what resources they own. In this rare talk, we will disclose our many years of deep research on this actor: for example, since their initial operation in 2007, the Asprox gang now owns 2+ billion compromised emails, 2+ million compromised web servers (backdoored with webshells), 0.9+ million compromised SMTP accounts (some of which belong to the US military), 0.4+ million compromised FTP accounts, and SSH access to 1200+ compromised servers. We will detail how they've evolved into their currently sophisticated infection infrastructure, including their multiple layers of distribution and command-and-control servers, their anti-detection proxy servers, their malware obfuscation tool chain, their means of infecting endpoints, their large scale tool to auto-compromise websites and inject webshells, and their evolution in 2014 to Android malware and mobile botnets. We will study statistics such as daily downloads and conversion rate, and will explain their monetization methods within multiple underground economies, and the economics. Finally, we'll cover how we've managed to collect our data, how we analyzed the data, and the many techniques we used in tracking this actor.

Presenters:

• Sun Huang
  Sun Huang is a Senior Threat Researcher at Proofpoint. He has more than nine years of experience in information security. Huang has discovered many web application 0days, including those of CMS and C2 Panel. Huang has participated in many security contests and was one of the top 10 researchers in Paypal's 2013 Bug Bounty Wall of Fame. He was also the third place AT&T bug reporter in 2013. Huang currently holds CCNA, ECSS, CEH and PMP certifications.
• Wayne Huang
  Wayne Huang was Founder and CEO of Armorize Technologies, and is now VP Engineering at Proofpoint. Huang is a frequent speaker at security conferences, including BlackHat ‘10, DEFCON ‘10, RSA ‘07 ‘10 ‘15, SyScan ‘08, ‘09, OWASP ‘08, ‘09, Hacks in Taiwan ‘06 ‘07, WWW ‘03 ‘04, PHP ‘07 and DSN ‘04. A diligent blogger on cyberthreats, his posts have been covered by the most influential media. Into security since 7th grade, he has led teams to develop security products ranging from source code analysis, web application firewall, vulnerability assessment, exploit & malware detection, anti-malvertising, email security, and APT defense. He received his Ph.D. in EE from National Taiwan University, and his B.S. and M.S. in CS from NCTU. He holds two US patents on source code analysis.

Links:

• https://hackfest.ca/en/2016/speakers2016/#sun
• https://infocon.org/cons/Hackfest/Hackfest 8 2016/HF2016 - Sun Huang & Wayne Huang Unveiling One of the Worlds Biggest and Oldest Cybercrime Gangs.mp4
• https://www.youtube.com/watch?v=iL9WpB6xvE8

Similar Presentations:

• DEF CON 24 (2016) / Malware Command and Control Channels: A journey into darkness
• VB2016 / Unveiling the Attack Chain of Russian-Speaking Cybercriminals
• REcon 2022 / OopsSec -The bad, the worst and the ugly of APT’s operations security