Malware Freak Show 2: The Client-Side Boogaloo

Presented at DEF CON 18 (2010), July 31, 2010, 4 p.m. (50 minutes)

We had a busy year. We investigated over 200 incidents in 24 different countries. We ended up collecting enough malware freaks [samples] to fill up Kunstkammer a few times over. Building upon last year's talk, we want to dive deeper and bring you the most interesting samples from around the world - including one that made international headlines and the rest we're positive no one's ever seen before (outside of us and the kids who wrote them). This talk will bring you 4 new freaks and 4 new victims including: a Sports Bar in Miami, Online Adult Toy Store, US Defense Contractor, and an International VoIP Provider. The malware we are going to demo are very advanced pieces of software written by very skilled developers. The complexity in their propagation, control channels, anti-forensic techniques and data exporting properties will be very interesting to anyone interested in this topic.


Presenters:

  • Nicholas J. Percoco - Senior Vice President of SpiderLabs, Trustwave
    Nicholas J. Percoco is the head of SpiderLabs at Trustwave - the advanced security team that has performed more than 700 cyber forensic investigations globally, and thousands of penetration and application security tests for Trustwave clients. In addition, his team is responsible for the security research that feeds directly into Trustwave's products through real-time intelligence gathering. He has more than 15 years of information security experience. Nicholas acts as the lead security advisor to many of Trustwave's premier clients by assisting them in making strategic decisions around various security and compliance regimes. As a speaker, he has provided unique insight around security breaches and trends to public and private audiences throughout North America, South America, Europe, and Asia including security conferences such as Black Hat, DEFCON, SecTor and You Sh0t the Sheriff. Prior to Trustwave, Nicholas ran security consulting practices at both VeriSign and Internet Security Systems. Nicholas holds a Bachelor of Science in Computer Science from Illinois State University.
  • Jibran Ilyas - Senior SpiderLabs Forensic Investigator, Trustwave
    Jibran Ilyas is a Senior Forensic Investigator at Trustwave's SpiderLabs. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has investigated some of the nation's largest data breaches and is a regular contributor for published security alerts through his research. He has 7 years of experience and has done security research in the area of computer memory artifacts. Jibran has presented talks at security conferences (DEFCON, SecTor) in the area of Computer Forensics and Cyber Crime. Jibran is also a regular guest lecturer at DePaul and Northwestern University. Prior to joining SpiderLabs, Jibran was part of Trustwave's SOC where he helped Fortune 500 clients with their Security Architectures and deployments. Jibran holds a Bachelor of Science degree from DePaul University and a Master's degree in Information Technology Management from Northwestern University.
