Malware: Where Does It Come From?

Presented at RVAsec 2022, June 17, 2022, 3 p.m. (50 minutes).

We analyzed more than 100 thousand HTTP/HTTPS malware downloads from the past two years to answer one seemingly straightforward question: Where does malware come from? More specifically, we want to understand exactly what kicked off the chain of events that led to the malware download. Did the malware download originate from social media, phishing emails, compromised websites, unsavory websites, or somewhere else? Was the URL of the malware download somewhere unsavory or seemingly innocuous? Do different malware families tend to come from different places on the web? We will answer these and other related questions and wrap up the presentation by discussing what we can do with all of this information to reduce our own risk as we browse the web.


Presenters:

  • Ray Canzanese - Netskope
    Ray is the Director of Netskope Threat Labs, which specializes in cloud-focused threat research. His background is in software anti-tamper, malware detection and classification, cloud security, sequential detection, and machine learning. He holds a Ph.D. in Electrical Engineering from Drexel University. Most recently, Ray was the CTO of cloud security startup Sift Security.

Links:

Similar Presentations: