Explore modern malvertising and web-based malware exploit campaigns in this 55-minute OWASP AppSec California 2015 conference talk. Gain insights into the current malware landscape, focusing on the top five types targeting web application users. Discover how attackers are shifting towards direct user monetization rather than traditional exploitative code. Follow a detailed technical walkthrough of a real-world malvertising and malware campaign, examining each step of the attack and its distribution and obfuscation layers. Learn about traffic distribution systems, video ad banners, cloud components, and real-time bidding in the context of these threats. Understand the impact on mobile devices, browsers, and various industries, and explore best practices for protecting against these evolving attack vectors.
Modern Malvertising and Malware Web-Based Exploit Campaigns
Overview
Syllabus
Intro
Arian Evans
Misconceptions
Mobile threats state
Monetization overview
Attack vectors
Fake software
Ecosystem
Browser Locker
Traffic Distribution Systems
Video Ad Banner
Domains
Infrastructure
Cloud components
Realtime bid
Windows
Double USB
couscous time
wide example
adult example
accounting issues
impacted care
things you own
accident personation
industry best interest
analytics
Taught by
OWASP Foundation
