Modern Malvertising and Malware web-based exploit campaigns

Presented at AppSec USA 2015, Sept. 25, 2015, 10:30 a.m. (55 minutes)

The purpose of this presentation will be to introduce the audience to new techniques attackers are using to target users of web applications for exploitation. The first part of this presentation will be an introduction to the modern Malware landscape, with a breakdown of the top 5 types of malware being actively used in campaigns to target end users of web applications. Of interest, though perhaps unsurprising - the top three are not what we traditionally think of as "malware" in the sense of exploitative code or remote backdoors - but aimed at direct monetization of the user. The second part of this presentation will be a technical walkthrough a real-world modern malvertising & malware campaign, and break down each step of the attack, and each distribution & obfuscation layer. This walkthrough will be the bulk of the presentation (30 minutes), leaving time for Q & A at the end. Time permitting, we may provide more examples of modern campaigns/malware.


  • James Pleger - Head of Research - RiskIQ
    I am currently the Head of Research at RiskIQ, focusing our efforts on improving our customers lives by taking an outside-in approach to security. Part of this effort is ensuring that ad networks and exchanges are able to combat malware and other sources of malicious activities. Additionally, our team focuses on bringing new technologies and detection methodologies to help ensure that we are keeping up with the threat landscape as it evolves.


Similar Presentations: