Mobile Malware Heuristics: The path from ‘eh’ to ‘pretty good’

Presented at ToorCon San Diego 15 (2013), Oct. 19, 2013, 11 a.m. (50 minutes).

Malware on mobile phones is rapidly increasing. There are many reasons for this, but the primary one is the ease of monetizing malware on mobile phones. Attackers are incentivized to create more malware faster and cheaper. They are overwhelming the limited resources of malware researchers with this glut of cheap and "good enough" malware.

Malware can be identified by humans, but there is insufficient time to handle all that is released daily by malware writers. There is a need to develop both better heuristics and the tools that let an analyst separate the wheat from the chaff.

The presentation will cover not just the development of heuristics for mobile malware, but also its path from simple detection to more advanced and more successful (i.e., fewer false positives) detection. Along the way we will cover the missteps and pitfalls that slow the development of automation. Included will be first steps at detecting malware that uses commercial obfuscation.


Presenters:

  • Jimmy Shah
    Jimmy Shah is a Mobile Security Researcher specializing in analysis of mobile/embedded threats on existing platforms (J2ME, Symbian, Windows Phone, iOS, Android) and potential mobile malware and spyware. If it's lighter than a car, has a microprocessor, and is likely to be a target, it's probably his problem. He has presented on mobile threat research at a number of computer security conferences.
