Will It Blend? How Evil Software Clogs the Pipes

Presented at HOPE X (2014), July 20, 2014, 11 a.m. (60 minutes)

During an investigation, Michael discovered an attacker who was emailing himself from an infected user's account. The attacker sent and received emails under the radar via Outlook extension malware. Countless times Michael has seen attackers forced to blend their malware communications with the noise on his clients' networks. The talk will start with a brief history lesson on malware and its use of the network for command-and-control and data theft. Then there will be some fun opening his malware vault to explore interesting specimens from the wild, such as the Outlook Assistant and malware that tweets! The presentation will close by discussing how you can find and analyze malware that communicates on the network and why traditional network monitoring isn't enough: attackers will find a way out of your network no matter how small a funnel you put them through.


Presenters:

  • Michael Sikorski
    Michael Sikorski is a well-known expert in malware analysis and co-author of the No Starch Press book Practical Malware Analysis. He is a technical director at Mandiant, where he runs the malware analysis team. His previous employers include the National Security Agency and MIT Lincoln Laboratory. Mike frequently teaches reverse engineering to global audiences.
