Mobile phones have caught up on the malware side. Your phone can most probably now be infected by malicious software and be part of a botnet in the worst case. How do you analyse compromised devices? Do you have the right tools at hand? Maybe you don’t need any tools for you won’t find anything. Sheran A. Gunasekera explains in his talk Defeating BlackBerry Malware & Forensic Analysis at DeepSec 2011 how the forensic analysis of malware can be defeated.
In the recent years, more prominence has been given to BlackBerry malware either in the wild or to commercially available kinds. Traditionally, using signature based malware scanners have been the way to detect and remove these malicious programs. Most smartphones can be fitted with anti-virus/-malware scanners these days. However Sheran will look at a different mechanism of defeating malware. By employing similar techniques that „conventional“ malware uses, he will explore means of greatly reducing the signal-to-noise ratio of exfiltrated data. Four distinct techniques will be explored including data flooding and USB port trapping to render any usable, exfiltrated data as useful as a pile of digital garbage. In coincidence with the talk there will be the release of the white-paper and open source malware defeating toolkit: MaDTool.
If you want to know how end-users can make use of this toolkit to defeat not only malware, but also forensic analysis on their BlackBerry devices, then this talk is for you. You might also want to attend if you are worried about data loss and have to counter data exfiltration from your network infrastructure, or for other reasons we won’t publish here.