Talk: FakeAntiVirus – Journey from Trojan to a Persisent Threat
You run the latest software defending you against malicious code. You have your best filters deployed. Your firewalls are tight as granite. Your crypto is flawless. Your authentication is watertight. But you’re still being attacked and have probably been compromised. What happened?
There’s always the attack vector through social engineering. Combine this with a web site or a dialogue box that warns your staff about a potential security breach and tricks them into installing code manually, most commonly by disguising as Anti Virus software (hence the name FakeAntiVirus). Infection can be done by browser plug-in / add-on (think toolbars or other convenient items) or more complex means. Once the tool is installed, it takes control of your system(s), phones home or does other tasks as told by its new owner. Provided the cover is really good, you may end up being a victim to a persistent threat with more subtle security breaches to come.
So it’s time that you learn to understand how this rogueware works. Fortunately you can attend the talk of Jagadeesh Chandraiah at DeepSec 2011. He will give you a brief picture of different types of Fakeantivirus, how they were born and evolved, what they do and how industry is tackling this threat. You will get in-depth information on how this malware is sold/created in underground forums. Jagadeesh will also explain the inner workings of packers used for producing FakeAntiVirus code and investigate how the business network of the coders work.
If you want or have to counter this threat, then this talk at DeepSec 2011 is your starting point. You will learn how to recognise and stop threats from FakeAntiVirus and related malicious software. Don’t forget that the trend has already „infected“ mobile devices (think any application store) and Mac OS X is doing well, too.