DeepSec 2013 Talk: Malware Datamining And Attribution

René Pfeiffer/ November 13, 2013/ Conference, Security

The production of code leaves traces in the final binary. There can be debugging symbols present, which give you a lot of information. Maybe the binary has some commonly used libraries or functions. A lot of fingerprinting can be done with software. Why is this of interest? Well, there is the attribution problem of attacks and malicious software. Identifying where malware comes from can be crucial for the assessment of risks and the impact of compromised systems. Michael Boman has researched this topic and will present his findings in his talk titled Malware Datamining And Attribution at DeepSec 2013. Stuxnet and related malware are a prime example where the source of the code is of fundamental interest. Even in more "mundane" code, malware authors leave traces in their work which can be used


Talk: Defeating BlackBerry Malware & Forensic Analysis

René Pfeiffer/ November 2, 2011/ Conference

Mobile phones have caught up on the malware side. Your phone can most probably now be infected by malicious software and be part of a botnet in the worst case. How do you analyse compromised devices? Do you have the right tools at hand? Maybe you don't need any tools, for you won't find anything. Sheran A. Gunasekera explains in his talk Defeating BlackBerry Malware & Forensic Analysis at DeepSec 2011 how the forensic analysis of malware can be defeated. In recent years, more prominence has been given to BlackBerry malware, either in the wild or of commercially available kinds. Traditionally, signature-based malware scanners have been the way to detect and remove these malicious programs. Most smartphones can be fitted with anti-virus/-malware scanners these days. However, Sheran will look at a different
