Malware infecting computers always serves a purpose. Zombies, as infected systems are called, usually connect to a Command & Control channel and receive their orders from the owners of the zombie herd. Malicious software can also be used as a tool for retrieving information. Some of these tools are specialised and look for specific data such as login credentials. At DeepSec 2011 Hermes Li will explain how a trojan horse designed for stealing user information is installed, how it works and give a short introduction into the Chinese underground market. The talk will also discuss parts of the code, DLL injection and the packer encryption.
There is a market for most stolen data. When it comes to games there is even real money in data trafficking. In-game goods (items, currencies, …) can be sold, just as the accounts themselves. Gold farming is known since the 1990s, but stealing virtual goods by malware is a lucrative short-cut. The major drawback of stolen data is the fact that the data is still there, so you don’t notice immediately that something is wrong. This is why infected computers often continue to be used by users unaware of the risks. The theft of stolen virtual goods has already founds its place in the reality. In 2009 the police in Bochum, Germany, received a report from a gamer of an online game. The man invested 1.000€ into the in-game development of his avatar. All of a sudden all of his avatar’s items were gone. While this sounds strange to anyone not interested in online games, there’s a real market for these virtual goods. The German police understood that there was a damage to the gamer and registered the offence. The case serves as a precedence and is not only interesting for law enforcement. Computer game companies should take notice as well.
Hermes Li’s talk will give you an understanding of how malicious software works, how it attacks computer systems and how you can defend yourself.