Presented at ToorCon San Diego 13 (2011)
Oct. 9, 2011, 3 p.m.
Malware is more prevalent than ever before. Some think that most of this malware is new, but a lot of it is not. Most of it consists of reincarnations of old malware that are now more resilient, which results in non-detection by AV products and leaves them free to roam and infect. In this presentation, I will demonstrate how old malware code and an old malware binary can be modified and given new life, free to infect again, without the latest AV technologies being able to detect them. To add to the headache of security professionals, the recycling of malware can be done automatically and in bulk, as I will show in a live demonstration. But there is hope. If an AV researcher, such as myself, is lucky enough to get their hands on these technologies, the good guys will have a fighting chance to thwart the onslaught of green malware.
Christopher Elisan is a Senior Research Analyst at Damballa, Inc., a provider of network security solutions that detect criminal activities. Elisan has a long history of digital threat and malware expertise, reversing, research, and product development, including being an early pioneer of Trend Micro's TrendLabs and holding a manager-researcher role during his years with F-Secure. He established and led F-Secure's Asia R&D and spearheaded multiple projects, including vulnerability discovery, web security, and mobile security. Elisan frequently provides expert opinion about malware, botnets, and advanced persistent threats for leading industry and mainstream publications, including USA Today, San Francisco Chronicle, SC Magazine, InformationWeek, Fox Business, and Dark Reading.