Confidence - (25-26.05 2010 Krakow)
Language: polski | engish

Tomasz Sawiak

Tomasz Sawiak 8 years experience in security, most time spend on security research in field of phishing, honeypots, app hacking. He is cofunder and involved in project He investigated most sophisticated phishing cases involving malwares in Poland since 2004 including: IRC Botnets, Sinowal (with IframeCash/iframeDollars), Mebroot, Limbo, Nuclus, CLOD, ZEUS etc. Analysis Include blackbox, live and reverse code engineering, forensic, analysis of control Panels (looking for vulnreabilities etc.)

Topic of Presentation: Phishing

Language: English


  • introducion to phishing types and focus malware phishing scenarious with ManInTheBrowser functionality.
  • describing phishing history in Poland since 2004 ( malware by malware, Case by case with malware descriptions, control panels etc.
  • showing how it was evolved until nowadays, showing following malwares on time line – when first was used and whet new malware was used instead previous one: one of IRC Botnet, SINOWAL, MEBROOT, LIMBO, NUCLUS, ZEUS, CLOD, ZEUS instances with javascript frameworks etc. Here I can metnion also about first most sophisticaed affiliate program that was used for phishing malware spreading – IframeDollars/IframeCase
  • short description of transaction authentication methods used in Poland since 2004 (OneTimePassowrds, SMS, syncTokens, PKI, JavaTokens etc.), describe how security mechanisms was evolved against phishing scenarios
  • showing tools that was developed with my team during analysis, ideas for the future
  • predicted direction of future phishing vectors