[WEB SECURITY] Sunday in SF: Bay Area Hacker's Association: Pwning Botmasters

travis+ml-webappsec at subspacefield.org travis+ml-webappsec at subspacefield.org
Fri Feb 11 12:42:21 EST 2011

So if you happen to be in town for B-Sides or RSA, we're going to have
the following talk at Noisebridge (Mission St.) in the main area.
Noisebridge is a very cool Hackerspace and you should definitely at
least swing by to check out the space.  Just buzz in at the
understated entrance, come up, and say you're new and want a look

I normally wouldn't post to this list but due to the conferences
and the web app sec subject matter, I thought this was apropos.

==== Announcement ====

On 13 Feb 2011, 1400 (that's 2pm for the subtraction-impaired),
The Bay Area Hackers Association will host the following talk:

Counter-Exploitation: Pwning Botmasters

We'll have Billy Rios talking about exploiting the ZeuS botnets and
the people who control them.

Zeus is a Trojan horse that steals banking information by keystroke
logging. Zeus is spread mainly through drive-by downloads and phishing
schemes. First identified in July 2007 when it was used to steal
information from the United States Department of Transportation, it
became more widespread in March 2009. In June 2009, security company
Prevx discovered that Zeus had compromised over 74,000 FTP accounts on
websites of such companies as the Bank of America, NASA, Monster, ABC,
Oracle, Cisco, Amazon, and BusinessWeek.

Zeus' current botnet is estimated to include millions of compromised
computers (around 3.6 million in the United States).  As of October
28, 2009 Zeus has sent out over 1.5 million phishing messages on
Facebook. On November 3, 2009 a British couple were arrested for
allegedly using Zeus to steal personal data.

His blog is here:


About the Speaker:

Billy Rios is currently a security researcher for Google where he
studies emerging security threats and technologies.  Before Google,
Billy was a Security Program Manager at Microsoft where he helped
secure several high profile software projects including Internet
Explorer.  Prior to his roles at Google and Microsoft, Billy was a
penetration tester, making his living by outsmarting security teams,
bypassing security measures, and demonstrating the business risk of
security exposures to executives and organizational decision makers.

Before his life as a penetration tester, Billy worked as an
Information Assurance Analyst for the Defense Information Systems
Agency (DISA). While at DISA, Billy helped protect Department of
Defense (DoD) information systems by performing network intrusion
detection, vulnerability analysis, incident handling, and formal
incident reporting on security related events involving DoD
information systems.  Before attacking and defending information
systems, Billy was an active duty Officer in the United States Marine

As usual, BAHA's website is here:


And we do have a Google calendar for the monthly meetings; it is
linked to from that page.
Effing the ineffable since 1997. | http://www.subspacefield.org/~travis/
My emails do not usually have attachments; it's a digital signature
that your mail program doesn't understand.
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110211/ef967554/attachment.sig>

More information about the websecurity mailing list