- Sell the code for backdoors/bots
- Spam and web-based advertising
- Pump and dump stock schemes
- Phishing: e-mail, phone, and targeted (spear) phishing
- Denial of Service extortion
- Keystroke loggers stealing financial information
- Rent out armies of infected systems for all of the above
- RAM scrapers pulling credit card numbers from POS terminals
- Hack into web and FTP sites and alter the hosted software to include a backdoor ==> everyone who downloads and uses the tool is impacted
- Another approach is embodied in the ISR-Evilgrade tool
- Listens for software to request an update
- Sends a response carrying malware in place of the genuine update
- Currently includes modules for Java browser plug-ins, WinZip, WinAmp, Mac OS X, OpenOffice, iTunes, the LinkedIn toolbar, and more
- More than 60 software packages in total whose Internet updates can be subverted this way
- Check hashes across multiple mirrors
- Check both MD5 and SHA-1 at least
- md5sum and sha1sum are built into Linux
- Md5summer is available for free for Windows (md5summer.org)
- Md5deep is another good project at http://md5deep.sourceforge.net/
- Calculates MD5, SHA-1, SHA-256, Tiger, and Whirlpool hashes
- Available for Windows and Linux/UNIX
- RIPEMD-160
- Check PGP signatures if available
- Make sure you check against a trustworthy key
- Don’t put new software directly into production; test first
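The cross-mirror hash check described above, and the defence it offers against a subverted download site or an Evilgrade-style fake update, as an added example (not code from the original slides or from any of the tools they name). The artifact bytes and the two mirrors are constructed inline; in practice the published digests would come from each mirror's checksum file and the data from the downloaded installer.

```python
import hashlib
from typing import Dict, List, Mapping, Tuple

# Constructed sample artifact standing in for a downloaded installer.
GOOD_ARTIFACT = b"example-tool-1.0 installer bytes (constructed sample)\n"
# A tampered copy, as a backdoored mirror or a fake update response would serve.
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"# extra bytes added by an attacker (constructed)\n"

# Check more than one algorithm; MD5 and SHA-1 alone are collision-broken,
# so SHA-256 is the digest that actually carries the assurance.
ALGORITHMS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> Dict[str, str]:
    """Compute every digest in ALGORITHMS over the same bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def verify_download(
    data: bytes, published: Mapping[str, Mapping[str, str]]
) -> Tuple[bool, List[str]]:
    """published maps mirror name -> {algorithm: hexdigest} as each mirror lists it.

    Returns (ok, reasons). ok is True only when at least two mirrors publish
    each digest, every mirror agrees with the others, and the local file
    matches what they publish. A single altered mirror shows up as a
    disagreement rather than silently passing.
    """
    local = digests(data)
    reasons: List[str] = []

    # 1. Mirrors must agree with each other for every algorithm.
    for algo in ALGORITHMS:
        values = {m: p[algo].lower() for m, p in published.items() if p.get(algo)}
        if len(values) < 2:
            reasons.append(f"{algo}: fewer than two mirrors publish this digest")
            continue
        if len(set(values.values())) > 1:
            reasons.append(f"{algo}: mirrors disagree: {values}")

    # 2. The local file must match every digest the mirrors publish.
    for algo in ALGORITHMS:
        for mirror, p in published.items():
            expected = p.get(algo)
            if expected and expected.lower() != local[algo]:
                reasons.append(f"{algo}: local digest does not match {mirror}")

    return (not reasons, reasons)


if __name__ == "__main__":
    good = digests(GOOD_ARTIFACT)
    mirrors = {"mirror-a": good, "mirror-b": good}
    print(verify_download(GOOD_ARTIFACT, mirrors))      # (True, [])
    print(verify_download(TAMPERED_ARTIFACT, mirrors))  # (False, [...])
```

A digest match against a single mirror proves only that the file and the checksum came from the same place; if that place was compromised, both were altered together. Comparing what several independent mirrors publish, and then checking a PGP signature from a key obtained out of band, is what turns the hash into evidence.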
- The Domain Name System is full of useful information about a target
- The attacker's goal is to discover as many IP addresses associated with the target domain as possible
- The nslookup command can be used to interact with a DNS server to get this data