Botnet Resistant Coding: Protecting Your Users from Script Kiddies

Presented at The Next HOPE (2010), July 16, 2010, 3 p.m. (60 minutes).

Zeus is a botnet trojan that accounts for a large percentage of all trojan infections. Zeus’s availability and ease of use make it popular among malicious individuals with low technical sophistication. Better social engineering scams, coupled with consistent levels of victim unawareness and carelessness on the part of software vendors, have created a need for greater web security. Using a standard LAMP stack and web programming techniques, a guideline was developed to mitigate and reduce the exposure of sensitive information from compromised clients. Because of the resultant confusion, attackers have either given up and moved on to an easier target, or have spent significant amounts of resources undoing damage to harvested POST data. The immediate objective of implementing these new techniques is to reduce the efficacy of Zeus and its counterparts and to stem cybercrime and identity fraud. Future use of these techniques will give users and web applications a better chance of resisting compromise.


Presenters:

  • Peter Greko
    Peter Greko is a Miami security researcher, board member of HackMiami, and an application analyst specializing in web security for a Fortune 20 company. Pete gives presentations to programming classes on web security practices and has presented for both HackMiami and the South Florida ISSA chapter meetings.
  • Fabian Rothschild
    Fabian Rothschild is a Miami college student leading malware research for HackMiami and has presented his research on ZeuS for South Florida OWASP. He is a consultant for small and medium businesses providing best security practices for application development. He enjoys programming in Python and running Linux.
