{"id":24537,"date":"2015-11-23T12:00:07","date_gmt":"2015-11-23T20:00:07","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=24537"},"modified":"2025-05-27T20:00:53","modified_gmt":"2025-05-28T03:00:53","slug":"a-dummies-guide-to-insider-trading-via-botnet-part-2","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/","title":{"rendered":"A Dummies Guide to &#8216;Insider Trading&#8217; via Botnet, Part 2"},"content":{"rendered":"<p><em>This post, the second\u00a0of two parts, was written by <a href=\"https:\/\/securingtomorrow.mcafee.com\/author\/christiaan-beek\/\" target=\"_blank\" rel=\"noopener\">Christiaan Beek<\/a>, Raj Samani, and Shane Shook.\u00a0<\/em><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet\/\">In our first post, <\/a>we\u00a0examined the evolution of the botnet. In this follow-up we will discuss a new botnet operating model that allows an attacker to get an insider\u2019s view of infected organizations without actually being an insider\u2014all while remaining undetected and manipulating data for financial gain.<\/p>\n<h2><strong>Fiction or reality?<\/strong><\/h2>\n<p>Many examples of attacks by botnet malware resulting in financial theft or accounts fraud have been published that trace the evolution of \u201cpersonal\u201d information stealers into \u201ccorporate\u201d information stealers. In 2009 Patco Construction, in Sanford, Maine, was robbed of $588,000. In that same year, US law enforcement arrested individuals associated with the incursions via botnets into 390 companies in the United States, with estimated related losses at more than $70 million. Similar activities occurred in 2012 when Tennessee Electric Co. 
lost almost $328,000 after their bank account was taken over by cyber thieves.<\/p>\n<p>Other examples abound, but the evolution of the use of botnets continues as more and more corporate services are facilitated online. In 2014 Salesforce.com users were targeted by malware configured to automatically steal login details, and even bypass two-factor authentication. Numerous examples of malware configurations to target corporate financial, securities, and other web services are available through cursory Internet searches. Dyre samples include more than 450 URLs intended to be automatically monitored for credentials theft, including corporate and personal web services. Some of the configured URLs include nonspecific wildcards to harvest credentials used for popular corporate financial and HR applications.<\/p>\n<p>In May, the Australian Federal Police released a report concerning corporate securities trading fraud in which malware actors were targeting nontraditional financial platforms in Australia. Investigations into large sums of money fraudulently transferred from various Australian financial institutions using corporate accounts commenced in February 2014.<\/p>\n<p>The investigations showed that two brokerage services were making unusual transactions. Forensic investigations revealed the presence of \u201cfinancial\u201d malware. 
The malware, in this instance, was defined as malicious software that has been designed to steal, alter, and compromise financial transactions and credentials.<\/p>\n<p>Some results from the investigation:<\/p>\n<ul>\n<li>Logins occurring more than a month before the first fraudulent transaction.<\/li>\n<li>Logins occurring while the broker was listed as absent from work.<\/li>\n<li>Logins occurring between specific periods consistent with known Eastern European actors.<\/li>\n<li>Logins using specific user-agent strings consistent with known Eastern European actors.<\/li>\n<li>Numerous forged authorizations had been processed without question.<\/li>\n<\/ul>\n<p>Market information stealer: This type of malware seeks to help a subscriber gain insight into valuable, sensitive, and highly protected information. It is less focused on credential theft, although that remains an important feature that lets subscribers discern the financial performance of their victims. Instead, the malware facilitates managed access to specific information stores or screens from which time-sensitive information can be surreptitiously observed or copied.<\/p>\n<p>In the preceding picture, the botmaster has control over computers in two banks and a trading firm, representing capital markets analysts and a corporate controller. 
The botmaster is simply providing access to a subscriber (\u201cMalicious Trader\u201d), who can see sensitive information in each company, a kind of \u201cBotnet-Flix.\u201d With that access, the Malicious Trader can use the information to anticipate the financial market and start actions that will give him, or the organization he\u2019s working for, a financial gain.<\/p>\n<p>The crimes committed are not only the intrusion into the bank and trading firm computers, but also the exploitation of the proprietary and sensitive information for gain.<\/p>\n<p>Although this seems an incredible situation, such facilities are provided by a long history of botnet malware that enables automated or manual access to infected computers.<\/p>\n<h2><strong>Examples of malware features<\/strong><\/h2>\n<p>The following table shows an overview of banking botnets as of March and the plug-ins and functions available to operators or subscribers:<\/p>\n<table width=\"679\">\n<tbody>\n<tr>\n<td colspan=\"4\" width=\"337\"><strong>Banking Botnets and Extra Features<\/strong><\/td>\n<td width=\"99\"><strong>\u00a0<\/strong><\/td>\n<td width=\"89\"><strong>\u00a0<\/strong><\/td>\n<td width=\"67\"><strong>\u00a0<\/strong><\/td>\n<td width=\"88\"><strong>\u00a0<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"83\"><strong>Feature<\/strong><\/td>\n<td width=\"70\"><strong>Man in the Browser<\/strong><\/td>\n<td width=\"77\"><strong>Redirect<\/strong><\/td>\n<td width=\"107\"><strong>VNC\/Back Connect<\/strong><\/td>\n<td width=\"99\"><strong>Screenshots<\/strong><\/td>\n<td width=\"89\"><strong>Video Capture<\/strong><\/td>\n<td width=\"67\"><strong>Proxy<\/strong><\/td>\n<td width=\"88\"><strong>Certificate Stealer<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Zeus<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">Plug-in<\/td>\n<td width=\"67\">Y<\/td>\n<td 
width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">IceIX<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">Plug-in<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Citadel<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">Plug-in<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Gameover<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">N<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">KINS<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">Plug-in<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Shylock<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">N<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">N<\/td>\n<td width=\"89\">Y<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Geodo<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">N<\/td>\n<td width=\"67\">N<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Dridex<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">N<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Gozi<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">N<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">N<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Dyre<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Plug-in<\/td>\n<td 
width=\"99\">Y<\/td>\n<td width=\"89\">Y<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">Y<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Ramnit<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">N<\/td>\n<td width=\"67\">N<\/td>\n<td width=\"88\">N<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Tinba<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Y<\/td>\n<td width=\"99\">Y<\/td>\n<td width=\"89\">N<\/td>\n<td width=\"67\">Y<\/td>\n<td width=\"88\">N<\/td>\n<\/tr>\n<tr>\n<td width=\"83\">Hesperbot<\/td>\n<td width=\"70\">Y<\/td>\n<td width=\"77\">Y<\/td>\n<td width=\"107\">Plug-in<\/td>\n<td width=\"99\">Plug-in<\/td>\n<td width=\"89\">Plug-in<\/td>\n<td width=\"67\">Plug-in<\/td>\n<td width=\"88\">Plug-in<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Source: <a href=\"http:\/\/www.secureworks.com\/assets\/pdf-store\/other\/banking-botnets-persist-2015.pdf\">http:\/\/www.secureworks.com\/assets\/pdf-store\/other\/banking-botnets-persist-2015.pdf<\/a><\/p>\n<p>The Zeus malware\u2019s video capture plug-in can detect if a remote desktop session is being launched and start recording that session. Examples of malware and their features can be viewed on YouTube:<\/p>\n<ul>\n<li>See 5:38 for VNC and recording.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.youtube.com\/watch?v=FBaW6M1Edtk\">https:\/\/www.youtube.com\/watch?v=FBaW6M1Edtk<\/a><\/p>\n<ul>\n<li>Zeus 2015. 
Full panel configuration on services.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.youtube.com\/watch?v=UcHnrvS2-S8\">https:\/\/www.youtube.com\/watch?v=UcHnrvS2-S8<\/a><\/p>\n<p>Fraud is a crime conducted by individuals. Malware is a tool that can be useful to those individuals. Botnets connect interested individuals with tools they can use, and ready access to victims on whom the fraud can be committed.<\/p>\n<p>A recent example <a href=\"http:\/\/www.reuters.com\/article\/2015\/08\/12\/us-cybercybersecurity-hacking-stocks-arr-idUSKCN0QG1EY20150812\">concerning market information theft<\/a> that began in 2010 and continued for five years involved hackers and traders who stole sensitive information that allowed trading resulting in an estimated $100 million in profits. The access to the stolen information was facilitated by botnets, and hackers disseminated instructions and tutorials, created by rogue traders, along with stolen information. A Ukrainian trading company, Jaspen Capital Partners, was identified by the SEC as a beneficiary of the stolen information used to trade on the nonpublic information.<\/p>\n<p>In a <a href=\"http:\/\/www.sec.gov\/news\/pressrelease\/2015-191.html\">settlement press announcement,<\/a> the SEC stated that the company:<\/p>\n<p>\u201c\u2026made approximately $25 million buying and selling contracts-for-differences (CFDs) on the basis of hacked press releases stolen from two newswire services between 2010 and 2014 and made additional profits trading on press releases stolen from a third newswire service in 2015. 
CFDs are derivatives that allow traders to place highly leveraged bets on the direction of a stock\u2019s price movement. Without admitting or denying the SEC\u2019s allegations, Jaspen and Supranonok agreed to be enjoined from violating the antifraud provisions of U.S. securities laws and related SEC antifraud rules and to return $30 million of allegedly ill-gotten gains.\u201d<\/p>\n<p>Whether the intended fraud is personal or corporate financial theft, or market manipulation by trading on information that no one else has the opportunity to know, the crime is based on the motive, means, and opportunity.<\/p>\n<h2><strong>What\u2019s next?<\/strong><\/h2>\n<p>We write this article to boost awareness, not as a scare tactic. Our analysis of these and similar events is based on our customers submitting malware samples that connect to botnets known for selling their services to subscribers.<\/p>\n<p>Infections by malware of this sort need to be further investigated, focusing on which endpoint was infected and the user\u2019s role and rights, as well as whether somebody watched over the victim\u2019s back and what insider data could have been used.<\/p>\n<h2><strong>Prevention<\/strong><\/h2>\n<ul>\n<li>Keep your endpoint detection up to date.<\/li>\n<li>In addition to promptly patching operating systems, keep all third-party software up to date, especially Adobe Flash.<\/li>\n<li>Learn the capabilities of these malware families.<\/li>\n<\/ul>\n<h2><strong>Contributors<\/strong><\/h2>\n<p>We would like to thank the many people involved in this research, including members of the Malware Operations team, the Malware Sample Database team, the Foundstone Incident Response team, and our special coauthor of this research, Dr. Shane Shook.<\/p>\n<p>Dr. Shook is well-known to Fortune 100 global companies for providing experienced leadership in incident analysis and response. 
He has led small and large teams of forensic investigators and computer and telecommunications systems analysts in many of the most notorious information security breach events of the past two decades. Shook\u2019s experience in financial services and other industries, including standards development, helps McAfee clients understand technology risks in the context of their businesses.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This post, the second\u00a0of two parts, was written by Christiaan Beek, Raj Samani, and Shane Shook.\u00a0 In our first post,&#8230;<\/p>\n","protected":false},"author":460,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[49,1814,76,180,18,4140],"coauthors":[1359,3576],"class_list":["post-24537","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-botnet","tag-computer-security","tag-cybercrime","tag-malware","tag-network-security","tag-quarterly-threats-report"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A Dummies Guide to &#039;Insider Trading&#039; via Botnet, Part 2 | McAfee Blog<\/title>\n<meta name=\"description\" content=\"This post, the second\u00a0of two parts, was written by Christiaan Beek, Raj Samani, and Shane Shook.\u00a0 In our first post, we\u00a0examined the evolution of the\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Dummies Guide to &#039;Insider Trading&#039; via Botnet, Part 2 | McAfee Blog\" 
\/>\n<meta property=\"og:description\" content=\"This post, the second\u00a0of two parts, was written by Christiaan Beek, Raj Samani, and Shane Shook.\u00a0 In our first post, we\u00a0examined the evolution of the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-11-23T20:00:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T03:00:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/20151120-Raj-botnet-1.png\" \/>\n<meta name=\"author\" content=\"Raj Samani, Christiaan Beek\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@raj_samani\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Raj Samani, Christiaan Beek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/\"},\"author\":{\"name\":\"Raj Samani\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c599d4c6fbfe639ab3c623dbab743efc\"},\"headline\":\"A Dummies Guide to &#8216;Insider Trading&#8217; via Botnet, Part 2\",\"datePublished\":\"2015-11-23T20:00:07+00:00\",\"dateModified\":\"2025-05-28T03:00:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/\"},\"wordCount\":1347,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"botnet\",\"computer security\",\"cybercrime\",\"malware\",\"network security\",\"Quarterly Threats Report\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/\",\"name\":\"A Dummies Guide to 'Insider Trading' via Botnet, Part 2 | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2015-11-23T20:00:07+00:00\",\"dateModified\":\"2025-05-28T03:00:53+00:00\",\"description\":\"This post, the second\u00a0of two parts, was written by Christiaan Beek, Raj Samani, and Shane Shook.\u00a0 In our first post, we\u00a0examined the evolution of 
the\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"A Dummies Guide to &#8216;Insider Trading&#8217; via Botnet, Part 2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security 
News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c599d4c6fbfe639ab3c623dbab743efc\",\"name\":\"Raj Samani\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/84322977b2e4d74026259dbee600b443\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/Picture1-1-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/Picture1-1-96x96.png\",\"caption\":\"Raj Samani\"},\"description\":\"Raj Samani is Chief Scientist and Fellow for the Enterprise business. He has assisted multiple law enforcement agencies in cybercrime cases and is a special advisor to the European Cybercrime Centre in The Hague. 
Samani has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe hall of Fame, Peter Szor award, and Intel Achievement Award, among others. He is the co-author of the book \\\"Applied Cyber Security and the Smart Grid\\\" and the \\\"CSA Guide to Cloud Computing,\\\" as well as technical editor for numerous other publications.\",\"sameAs\":[\"http:\/\/www.mcafee.com\/\",\"https:\/\/www.linkedin.com\/in\/raj-samani-3697b9\/\",\"https:\/\/x.com\/raj_samani\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/raj-samani\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A Dummies Guide to 'Insider Trading' via Botnet, Part 2 | McAfee Blog","description":"This post, the second\u00a0of two parts, was written by Christiaan Beek, Raj Samani, and Shane Shook.\u00a0 In our first post, we\u00a0examined the evolution of the","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"A Dummies Guide to 'Insider Trading' via Botnet, Part 2 | McAfee Blog","og_description":"This post, the second\u00a0of two parts, was written by Christiaan Beek, Raj Samani, and Shane Shook.\u00a0 In our first post, we\u00a0examined the evolution of the","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2015-11-23T20:00:07+00:00","article_modified_time":"2025-05-28T03:00:53+00:00","og_image":[{"url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/20151120-Raj-botnet-1.png","type":"","width":"","height":""}],"author":"Raj Samani, Christiaan 
Beek","twitter_card":"summary_large_image","twitter_creator":"@raj_samani","twitter_site":"@McAfee","twitter_misc":{"Written by":"Raj Samani, Christiaan Beek","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/"},"author":{"name":"Raj Samani","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c599d4c6fbfe639ab3c623dbab743efc"},"headline":"A Dummies Guide to &#8216;Insider Trading&#8217; via Botnet, Part 2","datePublished":"2015-11-23T20:00:07+00:00","dateModified":"2025-05-28T03:00:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/"},"wordCount":1347,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"keywords":["botnet","computer security","cybercrime","malware","network security","Quarterly Threats Report"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/","name":"A Dummies Guide to 'Insider Trading' via Botnet, Part 2 | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"datePublished":"2015-11-23T20:00:07+00:00","dateModified":"2025-05-28T03:00:53+00:00","description":"This post, the second\u00a0of two parts, was written by Christiaan Beek, Raj Samani, and Shane Shook.\u00a0 In our first post, we\u00a0examined the evolution of 
the","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-dummies-guide-to-insider-trading-via-botnet-part-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"A Dummies Guide to &#8216;Insider Trading&#8217; via Botnet, Part 2"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security 
News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c599d4c6fbfe639ab3c623dbab743efc","name":"Raj Samani","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/84322977b2e4d74026259dbee600b443","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/Picture1-1-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/Picture1-1-96x96.png","caption":"Raj Samani"},"description":"Raj Samani is Chief Scientist and Fellow for the Enterprise business. He has assisted multiple law enforcement agencies in cybercrime cases and is a special advisor to the European Cybercrime Centre in The Hague. 
Samani has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe hall of Fame, Peter Szor award, and Intel Achievement Award, among others. He is the co-author of the book \"Applied Cyber Security and the Smart Grid\" and the \"CSA Guide to Cloud Computing,\" as well as technical editor for numerous other publications.","sameAs":["http:\/\/www.mcafee.com\/","https:\/\/www.linkedin.com\/in\/raj-samani-3697b9\/","https:\/\/x.com\/raj_samani"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/raj-samani\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/24537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/460"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=24537"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/24537\/revisions"}],"predecessor-version":[{"id":214482,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/24537\/revisions\/214482"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=24537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=24537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=24537"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=24537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}