Greed for Fame Benefits Large Scale Botnets

Want to give your blog a push or your “gun show” more views? Then why not buy 50,000 fake followers for $1,000! Click farms from down South or botnets such as Game over Zeus will be more than happy to supply them for you.

For this talk, a criminologist and a security researcher teamed up to hunt a large-scale botnet dubbed Linux/Moose 2.0 that conducts social media fraud. The hunt was fastidious since Linux/Moose 2.0 has stealth features and runs only on embedded systems such as consumer routers or Internet of Things (IoT) devices. Using honeypots set up across the world, we managed to get virtual routers infected to learn how this botnet spread and operated. To do so, we performed an HTTPS man-in-the-middle attack to decrypt its traffic. This gave us an impressive amount of information on the botnet’s activities: the name of the fake accounts it uses, its modus operandi to create fake followings and the identification of its consumers, companies and individuals.

This talk will be of interest to a wide audience. First, it will present the elaborate methodology that was used to infect custom honeypots with Linux/Moose 2.0 and led to contributions to the open-source Cowrie Honeypot Project. Second, it will describe the technical details behind the man-in-the-middle attack conducted to decrypt the traffic. Analyses from the decrypted traffic will be presented: what’s the botnet’s sneaky modus operandi to create fake endorsement and what sly techniques it uses to avoid detection. The presentation will further increase its draw by placing the botnet’s activities within a larger-scope: the criminal market for social media fraud. With the data gathered from the decrypted traffic and open-source research, market dynamics behind social media fraud will be presented. Finally, we will cover how botnet operators, wholesalers and online merchants leverage each other to create a criminal market that easily supports money laundering.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...

OSINT Tutorial to Track An Aircraft And Flight Information In Real-Time

No doubt Internet is said to be the world's largest repository of data and information. It contains an enormous amount of data related to...

Preventing SQL Injection in PHP Applications

SQL injection is one of the most common cybersecurity threats and as the name suggests, it is a form of injection attack. Injection attacks, on...