Android Malware Characterisation. Giovanni Russello
|
|
- Ross French
- 8 years ago
- Views:
Transcription
1 Android Malware Characterisation Giovanni Russello
2 Analysis of Two Malware Families DroidKungFu and AnserverBot represent the most recent incarnation of malware engineering Since they first appearance several improvements have been coded to increase their stealthiness
3 DroidKungFu There are 6 different known variants of DroidKungFu They have appeared within a period of 6 months They contain Root-kit Exploits C&C Server comm Shadow Payloads Code Obfuscation
4 DroidKungFu Root Exploits 4 variants contain root exploits DroidKungFu is the first to use encrypted root-kit Root-kit are stored as assets to look like normal data files Initially the asset name was ratc (RageAgainstTheCage) Then it has been changed to myicon
5 DroidKungFu C&C Comm All the variants communicate with C&C servers To evade detection, the C&C servers addresses keep changing DroidKungFu1 uses a plaintext string in one of its Java classes DroidKungFu2 the address is moved to plain-text in native code DroidKungFu3 and DroidKungFu4 use encrypted names (stored in Java class and native code)
6 DroidKungFu Shadow Payload If the root-kit is successful, then a shadow app will be installed The user will not be aware of this app This app contains the same code as the malicious payload included in the repackaged app This means that in the event the user removes the host app, the shadow app will remain Variants encrypt the shadow app to evade detection and no icon is shown
7 DroidKungFu Code Obfuscation Extensive use of encryption for constant strings, C&C servers addresses, native payload and shadow app Keys are changed very often Extensive use of code obfuscation Use of native code and JNI to make more difficult code analysis DroidKungFuUpdate use the update attack to download the actual payload and evade static code analysis
8 AnserverBot One of the most advanced malware It uses evasion techniques not used before by any other Android malware It has been discovered in repackaged apps available in Chinese app markets It seems that is an evolution of the BaseBridge malware family
9 AnserverBot Anti Analysis It use the repackaging attack However, when installed it checks whether the hosting app has been tampered with It checks the signature and then it unfolds its payload It extensively uses code obfuscation to make it human unreadable The payload is split in three different apps The host app plus two shadow apps
10 AnserverBot Anti Analysis The shadow apps share the same package names Com.sec.android.touchScreen.server One shadow app is loaded through the update attack The other shadow app is dynamically loaded through JVM dynamic class load method However it is not installed! AnserverBot is able to load any code retrieved from the C&C server
11 AnserverBot AV Detection This malware is very aggressive It tries to detect if AV software is installed in the device It contains the encrypted names for security apps such as LBE, 360 MobileSafe If installed, the malware uses the restartpackage method to stop the AV and then displays an error message
12 AnserverBot C&C Comm AnserverBot supports two types of C&C servers One type is used for sending command The second one is used for retrieving encrypted payloads To reach the second one, it uses a encrypted entry posted in public blog providers - i.e. Sina and Baidu This entry contains the (encrypted) address of the second C&C server
13 The AVS race Given the rapid evolution of malware, AV software is lagging behind Mainly, AVS uses a signature based approach It relies on the content of its signature DB If an app signature is not there it is not a malware! How easy is to change the signature of an app? Very!
14 The AVS race Interesting report from Imperva fectiveness_of_antivirus_solutions.pdf Using unknown malware and submit to AVS The goal is to evaluate how effective AVS solutions are The results are really scary
15 Imperva Study Results Less than 5% of the malware were detected Most of the AVS cannot keep up with a fast changing landscape of malware families AVS requires up to 4 weeks to detect a new malware The best of the breed: the free ones! Although they had a very high false positive Consumers spend $4.5 billion while Enterprises $2.9 billion 1/3 of the total money spent on security software
16 Imperva Study Results It might be best to spend some resources on other type of software that is not AVS For AVS better to use free ones Note: this study is for PC malware But the same is true for Android-based AV
OS Security. Malware (Part 2) & Intrusion Detection and Prevention. Radboud University Nijmegen, The Netherlands. Winter 2015/2016
OS Security Malware (Part 2) & Intrusion Detection and Prevention Radboud University Nijmegen, The Netherlands Winter 2015/2016 A short recap Different categories of malware: Virus (self-reproducing, needs
More informationMalware detection methods for fixed and mobile networks
Malware detection methods for fixed and mobile networks Gavin McWilliams January 2013 g.mcwilliams@qub.ac.uk Academic Centre of Excellence in Cyber Security Research Presentation Outline Malware detection
More informationON THE EFFECTIVENESS OF MALWARE PROTECTION ON ANDROID
FRAUNHOFER RESEARCH INSTITUTION FOR APPLIED AND INTEGRATED SECURITY ON THE EFFECTIVENESS OF MALWARE PROTECTION ON ANDROID AN EVALUATION OF ANDROID ANTIVIRUS APPS RAFAEL FEDLER, JULIAN SCHÜTTE, MARCEL KULICKE
More informationDefending Behind The Device Mobile Application Risks
Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem
More informationSmartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved
Smartphone Security A Holistic view of Layered Defenses David M. Wheeler, CISSP, CSSLP, GSLC 1 The Smartphone Market The smartphone security market is expected to grow at a rate of 44 percent annually
More informationNQ Mobile 2011 Mobile Security Report An In-Depth Look at Mobile Threats, Vulnerabilities, and Challenges
NQ Mobile 2011 Mobile Security Report An In-Depth Look at Mobile Threats, Vulnerabilities, and Challenges NQ Mobile examines the current state of mobile devices and the security and privacy risks that
More informationMalware Detection in Android by Network Traffic Analysis
Malware Detection in Android by Network Traffic Analysis Mehedee Zaman, Tazrian Siddiqui, Mohammad Rakib Amin and Md. Shohrab Hossain Department of Computer Science and Engineering, Bangladesh University
More informationANDROID APP INSTALLATION AND SCANNING Lecture 11a
ANDROID APP INSTALLATION AND SCANNING Lecture 11a COMPSCI 702 Security for Smart-Devices Muhammad Rizwan Asghar March 24, 2016 APP REPACKAGING A major attack vector Attackers cannot forge signatures However,
More informationTrend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox
Trend Micro Incorporated Research Paper 2012 Adding Android and Mac OS X Malware to the APT Toolbox Contents Abstract... 1 Introduction... 1 Technical Analysis... 2 Remote Access Trojan Functionality...
More informationFighting Advanced Threats
Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.
More informationDetection and Identification of Android Malware Based on Information Flow Monitoring
Detection and Identification of Android Malware Based on Information Flow Monitoring Radoniaina Andriatsimandefitra, Valérie Viet Triem Tong To cite this version: Radoniaina Andriatsimandefitra, Valérie
More informationPost-Stuxnet Industrial Security: Zero-Day Discovery and Risk Containment of Industrial Malware
Post-Stuxnet Industrial Security: Zero-Day Discovery and Risk Containment of Industrial Malware A White Paper presented by: Torsten Rössel Director of Business Development Innominate Security Technologies
More informationProtection Against Advanced Persistent Threats
Protection Against Advanced Persistent Threats Peter Mesjar Systems Engineer, CCIE 17428 October 2014 Agenda Modern Threats Advanced Malware Protection Solution Why Cisco? Cisco Public 2 The Problem are
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationCombating the Next Generation of Advanced Malware
Peter McNaull Director of Technical Marketing WatchGuard Combating the Next Generation of Advanced Malware Surviving APT Attacks Current State of AV Solutions Nearly 88% of malware morphs to evade signature-based
More informationOverview. Introduction. Conclusions WINE TRIAGE. Zero day analysis. Symantec Research Labs (SRL)
1 Overview Introduction WINE TRIAGE Zero day analysis Conclusions 2 5 locations: USA: Mountain View (CA), Culver City (CA), Herndon (VA) Europe: Dublin (IE), Sophia Antipolis(FR).. 4 thematic domains:
More informationStreamlined Malware Incident Response with EnCase
Streamlined Malware Incident Response www.encase.com/ceic C:\>whoami Joseph R. Salazar Information Technology since 1995 Information Security since 1997 Major (retired, USAR) with 22 years as a Counterintelligence
More informationThe Advantages of Using AVG Identity Protection
Reviewer s Guide AVG Identity Protection 8.5 1 Contents Who is AVG?... 3 What is AVG 8.5 Identity Protection?... 3 A Layered Security Approach... 4 The Changing Internet Security Landscape... 4 Identity
More informationCloud Services Prevent Zero-day and Targeted Attacks
Cloud Services Prevent Zero-day and Targeted Attacks WOULD YOU OPEN THIS ATTACHMENT? 2 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS Duqu Worm Causing Collateral Damage in a Silent Cyber-War Worm exploiting
More informationCORPORATE AV / EPP COMPARATIVE ANALYSIS
CORPORATE AV / EPP COMPARATIVE ANALYSIS Exploit Evasion Defenses 2013 Randy Abrams, Dipti Ghimire, Joshua Smith Tested Vendors AVG, ESET, F- Secure, Kaspersky, McAfee, Microsoft, Norman, Panda, Sophos,
More informationShellshock. Oz Elisyan & Maxim Zavodchik
Shellshock By Oz Elisyan & Maxim Zavodchik INTRODUCTION Once a high profile vulnerability is released to the public, there will be a lot of people who will use the opportunity to take advantage on vulnerable
More informationHow Lastline Has Better Breach Detection Capabilities. By David Strom December 2014 david@strom.com
How Lastline Has Better Breach Detection Capabilities By David Strom December 2014 david@strom.com The Internet is a nasty place, and getting nastier. Current breach detection products using traditional
More informationWildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks
WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities
More informationCan Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
ANALYST BRIEF Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities? Author Randy Abrams Tested Products Avast Internet Security 7 AVG Internet Security 2012 Avira Internet Security
More informationSecurity in Android apps
Security in Android apps Falco Peijnenburg (3749002) August 16, 2013 Abstract Apps can be released on the Google Play store through the Google Developer Console. The Google Play store only allows apps
More informationResearch Project 2: Metasploit-able Honeypots
Project 2: wouter.katz@os3.nl University of Amsterdam July 4th 2013 How feasible is an automated method to detect specific exploits on a honeypot by monitoring network traffic of exploits? What setup is
More informationIntroduction to Android
Introduction to Android 26 October 2015 Lecture 1 26 October 2015 SE 435: Development in the Android Environment 1 Topics for Today What is Android? Terminology and Technical Terms Ownership, Distribution,
More informationSurviving and operating services despite highly skilled and well-funded organised crime groups. Romain Wartel, CERN CHEP 2015, Okinawa
Surviving and operating services despite highly skilled and well-funded organised crime groups Romain Wartel, CERN CHEP 2015, Okinawa 1 Operation Windigo (2011 - now) 30,000+ unique servers compromised
More information(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation
(U)SimMonitor: A New Malware that Compromises the Security of Cellular Technology and Allows Security Evaluation DR. C. NTANTOGIAN 1, DR. C. XENAKIS 1, DR. G. KAROPOULOS 2 1 DEPT. O F DIGITAL SYST EMS,
More informationAdvanced Persistent Threats
Emilio Tonelli Senior Sales Engineer South Europe WatchGuard Technologies, Inc. Advanced Persistent Threats the new security challenge Are you protected? Current Threat Landscape 2 Global Threat Landscape:
More information1,300 Developers Speak
1,300 Developers Speak Runtime Intelligence for WP7 exceeds developer expectations : 87.1% of developers with apps on the marketplace indicate that Runtime Intelligence for Windows Phone either set the
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationInception: APT Campaign Spanning PCs, Mobile, the Cloud, and Home Routers
SESSION ID: BR-T10 Inception: APT Campaign Spanning PCs, Mobile, the Cloud, and Home Routers Snorre Fagerland Sr. Principal Security Researcher Blue Coat Systems @SnorreFagerland Waylon Grange Sr. Threat
More informationAGENDA. Background. The Attack Surface. Case Studies. Binary Protections. Bypasses. Conclusions
MOBILE APPLICATIONS AGENDA Background The Attack Surface Case Studies Binary Protections Bypasses Conclusions BACKGROUND Mobile apps for everything == lots of interesting data Banking financial Social
More information5 Steps to Advanced Threat Protection
5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationAndroid Malware Past, Present, and Future
Android Malware Past, Present, and Future Author: Carlos A. Castillo Mobile Security Working Group McAfee Table of Contents Executive Summary 3 Introduction 3 The History of Android Malware 4 Android Fundamentals
More informationThe Mobile Malware Problem
The Mobile Malware Problem Eddy Willems Security Evangelist G Data Security Labs Director Security Industry Relationships - EICAR eddy.willems@gdata.de Introduction Security Evangelist at G Data: Privately
More informationWhat s Next for Network Security - Visibility is king! Gøran Tømte March 2013
What s Next for Network Security - Visibility is king! Gøran Tømte March 2013 Technology Sprawl and Creep Aren t the Answer More stuff doesn t solve the problem Firewall helpers have limited view of traffic
More informationWHITEPAPER. Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users
Fraud Protection for Native Mobile Applications Benefits for Business Owners and End Users Table of Contents How TrustDefender Mobile Works 4 Unique Capabilities and Technologies 5 Host Application Integrity
More informationThe evolvement of the Threat Landscape. Viktor Ziegler, Account Manager Germany & Eastern Europe March 2014
Security Reimagined The evolvement of the Threat Landscape Viktor Ziegler, Account Manager Germany & Eastern Europe March 2014 Mobile Cloud Social Big Data Current Threat Landscape Innovation Creates
More informationCisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016
Cisco Advanced Malware Protection Ross Shehov Security Virtual Systems Engineer March 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious
More informationPost-Stuxnet Industrial Security
Post-Stuxnet Industrial Security Zero-Day Discovery and Risk Containment of Industrial Malware with Innominate mguard Technology Introduction Following its discovery in June 2010, the Stuxnet worm triggered
More informationThe Ultimate Reason Why Hackers Are Winning The Mobile Malware Battle
SESSION ID: HTA-R03 The Ultimate Reason Why Hackers Are Winning The Mobile Malware Battle Yair Amit CTO & Co-Founder Skycure Adi Sharabani CEO & Co-Founder Skycure Agenda Evolution of mobile malware Malware
More informationDriving Success in 2013: Enabling a Smart Protection Strategy in the age of Consumerization, Cloud and new Cyber Threats. Eva Chen CEO and Co-Founder
Driving Success in 2013: Enabling a Smart Protection Strategy in the age of Consumerization, Cloud and new Cyber Threats Eva Chen CEO and Co-Founder Consistent Vision for 25 Years A world safe for exchanging
More informationBe Prepared for Java Zero-day Attacks
Threat Report Be Prepared for Java Zero-day Attacks Malware Analysis: Malicious Codes spread via cloud-based data storage services December 19, 2013 Content Overview... 3 Distributing Malicious E-mails
More informationVulnerability-Focused Threat Detection: Protect Against the Unknown
Vulnerability-Focused Threat Detection: Protect Against the Unknown Vulnerabilities and threats are being discovered at a pace that traditional exploit-based attack detection technology cannot meet. Vulnerability-focused
More informationThis is DEEPerent: Tracking App behaviors with (Nothing changed) phone for Evasive android malware
This is DEEPerent: Tracking App behaviors with (Nothing changed) phone for Evasive android malware What I will talk about.. Challenges we faced on android malware analysis: Fast code analysis (Reversing)
More informationMessing with the Android Runtime
Northeastern University Systems Security Lab Messing with the Android Runtime Collin Mulliner, April 26th 2013, Singapore crm[at]ccs.neu.edu SyScan Singapore 2013 $ finger collin@mulliner.org 'postdoc'
More informationAPPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK
APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK John T Lounsbury Vice President Professional Services, Asia Pacific INTEGRALIS Session ID: MBS-W01 Session Classification: Advanced
More informationNetwork Security Solution. Arktos Lam
Network Security Solution Arktos Lam Dell Software Group(DSG) 2 Confidential Trend Dell Software addresses key trends Cloud Big data Mobility Security Management Security 3 Software We deliver security
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationTHE SCRIPTING THREAT GAINING POPULARITY
THE SCRIPTING THREAT GAINING POPULARITY May 2016 By Tamara Leiderfarb Technology Leader Advanced Host Threat Prevention CONTENTS Introduction... 2 Moving to Scripting... 3 File-less Malware... 7 Scripting
More informationTargeted(Attacks(Against( Civil(Society(in(Asia. Or(why(you(should(check(the(md5( before(opening(this(deck.
Targeted(Attacks(Against( Civil(Society(in(Asia Or(why(you(should(check(the(md5( before(opening(this(deck. Katie&Kleemola Citizen'Lab,'Munk School'of'Global'Affairs,' University'of'Toronto katie@citizenlab.org
More informationBreaking the Cyber Attack Lifecycle
Breaking the Cyber Attack Lifecycle Palo Alto Networks: Reinventing Enterprise Operations and Defense March 2015 Palo Alto Networks 4301 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com
More informationHost-based Intrusion Prevention System (HIPS)
Host-based Intrusion Prevention System (HIPS) White Paper Document Version ( esnhips 14.0.0.1) Creation Date: 6 th Feb, 2013 Host-based Intrusion Prevention System (HIPS) Few years back, it was relatively
More informationSymantec Advanced Threat Protection: Network
Symantec Advanced Threat Protection: Network DR150218C April 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 2.1 Products Tested... 4 2.2. Malware Samples... 5 3.0 How
More informationBarracuda Intrusion Detection and Prevention System
Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques
More informationCheck Point: Sandblast Zero-Day protection
Check Point: Sandblast Zero-Day protection Federico Orlandi Itway Support Engineer 2015 Check Point Software Technologies Ltd. 1 Check Point Threat Prevention SandBlast IPS Antivirus SandBlast stops zero-day
More informationCovert Operations: Kill Chain Actions using Security Analytics
Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special
More informationHow Attackers are Targeting Your Mobile Devices. Wade Williamson
How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationCIT 480: Securing Computer Systems. Malware
CIT 480: Securing Computer Systems Malware Topics 1. Anti-Virus Software 2. Virus Types 3. Infection Methods 4. Rootkits 5. Malware Analysis 6. Protective Mechanisms 7. Malware Factories 8. Botnets Malware
More informationResearch on Monitoring Method of. Permission Requests by Mobile Applications
Contemporary Engineering Sciences, Vol. 7, 2014, no. 31, 1683-1689 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.411226 Research on Monitoring Method of Permission Requests by Mobile
More informationMaking Client-side Java Secure with Bromium vsentry
Making Client-side Java Secure with Bromium vsentry Making Client-side Java Secure Client-side Java has become somewhat of an IT pariah, primarily as a result of the growing list of Java vulnerabilities
More informationNetDefend Firewall UTM Services
Product Highlights Intrusion Prevention System Dectects and prevents known and unknown attacks/ exploits/vulnerabilities, preventing outbreaks and keeping your network safe. Gateway Anti Virus Protection
More informationReputation based Security. Vijay Seshadri Zulfikar Ramzan Carey Nachenberg
Reputation based Security Vijay Seshadri Zulfikar Ramzan Carey Nachenberg Agenda Reputation Based Security The Problem Reputation Concept Implementing Reputation Deploying Reputation Conclusion 2 The Problem
More informationWhite Paper. Advantage FireEye. Debunking the Myth of Sandbox Security
White Paper Advantage FireEye Debunking the Myth of Sandbox Security White Paper Contents The Myth of Sandbox Security 3 Commercial sandbox evasion 3 Lack of multi-flow analysis and exploit detection 3
More informationCloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer. [Restricted] ONLY for designated groups and individuals
Cloud Services Prevent Zero-day and Targeted Attacks Tom De Belie Security Engineer Facts 2 3 WOULD YOU OPEN THIS ATTACHMENT? 4 TARGETED ATTACKS BEGIN WITH ZERO-DAY EXPLOITS 5 Check Point Multi-Layered
More informationIntegrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013
Integrated Approach to Network Security Lee Klarich Senior Vice President, Product Management March 2013 Real data from actual networks 2 2012, Palo Alto Networks. Confidential and Proprietary. 2008: HTTP,
More informationProtecting the Infrastructure: Symantec Web Gateway
Protecting the Infrastructure: Symantec Web Gateway 1 Why Symantec for Web Security? Flexibility and Choice Best in class hosted service, appliance, and virtual appliance (upcoming) deployment options
More informationTRENDS IN THE THREAT LANDSCAPE
TRENDS IN THE THREAT LANDSCAPE Guy Eilon, SEE Regional Manager April 2013 geilon@websense.com TRITON STOPS MORE THREATS. WE CAN PROVE IT. 2013 Websense, Inc. Page 1 CHANGING CUSTOMERS NEEDS 90% of companies
More informationNetgator: Malware Detection Using Program Interactive Challenges. Brian Schulte, Haris Andrianakis, Kun Sun, and Angelos Stavrou
Netgator: Malware Detection Using Program Interactive Challenges Brian Schulte, Haris Andrianakis, Kun Sun, and Angelos Stavrou Intro Increase of stealthy malware in enterprises Obfuscation, polymorphic
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationHow we keep harmful apps out of Google Play and keep your Android device safe
How we keep harmful apps out of Google Play and keep your Android device safe February 2016 Bad apps create bad experiences, so we work hard to keep them off your device and out of Google Play. In 2015,
More informationHesperbot. Analysts at IKARUS Security Software GmbH successfully removed a self-locking Android Malware from an infected smartphone
Hesperbot Analysts at IKARUS Security Software GmbH successfully removed a self-locking Android Malware from an infected smartphone Android malware is evolving at an alarming rate and becoming more aggressive
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationEC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.
CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape
More informationIBM X-Force 2012 Cyber Security Threat Landscape
IBM X-Force 2012 Cyber Security Threat Landscape 1 2012 IBM Corporation Agenda Overview Marketing & Promotion Highlights from the 2011 IBM X-Force Trend and Risk Report New attack activity Progress in
More informationInternet Monitoring via DNS Traffic Analysis. Wenke Lee Georgia Institute of Technology
Internet Monitoring via DNS Traffic Analysis Wenke Lee Georgia Institute of Technology 0 Malware Networks (Botnets) 1 From General-Purpose to Targeted Attacks 11/14/12 2 Command and Control l Botnet design:
More informationApplication security testing: Protecting your application and data
E-Book Application security testing: Protecting your application and data Application security testing is critical in ensuring your data and application is safe from security attack. This ebook offers
More informationVESZPROG ANTI-MALWARE TEST BATTERY
VESZPROG ANTI-MALWARE TEST BATTERY 2012 The number of threats increased in large measure in the last few years. A set of unique anti-malware testing procedures have been developed under the aegis of CheckVir
More informationDeciphering and Mitigating Blackhole Spam from Email-borne Threats
Deciphering and Mitigating Blackhole Spam from Email-borne Threats Samir Patil Symantec Deciphering and Mitigating Blackhole Spam from Email-borne Threats 1 Outline 1 Background 2 Detection Challenges
More informationWebView addjavascriptinterface Remote Code Execution 23/09/2013
MWR InfoSecurity Advisory WebView addjavascriptinterface Remote Code Execution 23/09/2013 Package Name Date Affected Versions Google Android Webkit WebView 23/09/2013 All Android applications built with
More informationAndroid Commercial Spyware Disease and Medication
Android Commercial Spyware Disease and Medication By Eng. Mustafa Saad Computer Engineer 2003 Mobile App Developer 2011 Mobile Security Researcher 2012 Udemy Premium Instructor 2014 March 2016 Agenda Introduction.
More informationThe Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud
The Advanced Attack Challenge Creating a Government Private Threat Intelligence Cloud The Advanced Attack Challenge One of the most prominent and advanced threats to government networks is advanced delivery
More informationDatabase security issues PETRA BILIĆ ALEXANDER SPARBER
Database security issues PETRA BILIĆ ALEXANDER SPARBER Introduction Database security is one aspect of computer security It uses different information security controls to protect databases Information
More informationAn Introduction to Incident Detection and Response Memory Forensic Analysis
An Introduction to Incident Detection and Response Memory Forensic Analysis Alexandre Dulaunoy - TLP:WHITE a@foo.be February 6, 2015 An overview to incident response Detection Analysis Containment Investigation
More informationCisco AppHQ Enterprise Application Center: Deploy Mobile Business Apps with Confidence
White Paper Cisco AppHQ Enterprise Application Center: Deploy Mobile Business Apps with Confidence The Enterprise Exposed The post-pc era is here, thanks to next-generation mobile devices and applications.
More informationThreat Spotlight: Angler Lurking in the Domain Shadows
White Paper Threat Spotlight: Angler Lurking in the Domain Shadows Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant
More informationPentesting Mobile Applications
WEB 应 用 安 全 和 数 据 库 安 全 的 领 航 者! 安 恒 信 息 技 术 有 限 公 司 Pentesting Mobile Applications www.dbappsecurity.com.cn Who am I l Frank Fan: CTO of DBAPPSecurity Graduated from California State University as a Computer
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationBenefits of Machine Learning. with Behavioral Analysis in Detection of Advanced Persistent Threats WHITE PAPER
Benefits of Machine Learning with Behavioral Analysis in Detection of Advanced Persistent Threats WHITE PAPER Overview The Evolution of Advanced Persistent Threat Detection Computer viruses have plagued
More informationBotnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic
The Leader in Cloud Security RESEARCH REPORT Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic ABSTRACT Zscaler is a cloud-computing,
More information4 Steps to Effective Mobile Application Security
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
More informationDetecting the One Percent: Advanced Targeted Malware Detection
Detecting the One Percent: Advanced Targeted Malware Detection Tomer Teller Check Point Software Technologies Session ID: SP02-T19 Session Classification: Intermediate Antivirus 20 th+ Anniversary The
More informationHey,You, GetOffofMy Market: Detecting Malicious Apps in Official and Alternative Android Markets
Hey,You, GetOffofMy Market: Detecting Malicious Apps in Official and Alternative Android Markets Yajin Zhou Zhi Wang Wu Zhou Xuxian Jiang Department of Computer Science North Carolina State University
More informationAdvanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer
Advanced Online Threat Protection: Defending Your Online Banking Customers Against Modern Malware and Fraud Andrew Bagnato Senior Systems Engineer Agenda Modern malware a targets Account credentials Financial
More informationComputer Security DD2395
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare
More information