Speaker: Giovanni Vigna (UC Santa Barbara and Lastline, Inc., USA)
Giovanni Vigna is a Professor in the Department of Computer Science at the University of California, Santa Barbara, and the CTO of Lastline, Inc. His current research interests include malware analysis, web security, vulnerability assessment, and intrusion detection. He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy (S&P 2011). He is known for organizing and running the world's largest inter-university Capture The Flag hacking contest, iCTF, which every year involves dozens of institutions around the world.
Title: Malevolution: the evolution of evasive malware
In recent years, malware has evolved by introducing novel techniques to foil analysis and identification. For example, cybercriminals routinely tweak their malicious web content to create new and more effective variants (for instance, by incorporating exploits targeting newly-discovered vulnerabilities) or to evade commonly-used defensive tools. In addition, the programs that persist on infected machines are increasingly stealthy and environment-aware: they behave differently, or not at all, when they detect that they are running under an analysis system rather than on a victim's machine.
In this presentation, we present research on characterizing, tracking, and analyzing the evolution of evasive malware (both in binary form and as web content). We highlight possible approaches for the automated detection of evasions, and we describe our experience in observing evasive malware in a number of real-world deployments.