During an investigation, Michael discovered an attacker who was emailing himself from an infected user's account. He sent and received emails under the radar via Outlook extension malware. Countless times Michael has seen attackers forced to blend their malware communications with the noise on his clients' networks. The talk will start with a brief history lesson on malware and its use of the network for command-and-control and data theft. Then there will be some fun opening his malware vault to explore interesting specimens from the wild such as the Outlook Assistant and malware that tweets! The presentation will close by discussing how you can find and analyze malware that communicates on the network and why traditional network monitoring isn't enough - attackers will find a way out of your network no matter how small a funnel you put them through.