Explore a comprehensive analysis of malware evolution and techniques in this NolaCon 2019 conference talk. Delve into the origins and progression of various malware strains, including Windtail, Blowup, and Tego. Examine the intricate methods employed by attackers, such as fake search sites, Flash updates, and Chrome extensions. Learn about the use of Selenium, JavaScript, and parking domains in malware distribution. Investigate the impact of Apple revoking certificates and the significance of URL components in identifying threats. Gain insights into detection and prevention strategies, including the use of VirusTotal and Security APIs. Understand the importance of high-fidelity indicators and the challenges posed by Adobe Reader exploits. Conclude with key takeaways to enhance your cybersecurity knowledge and defensive capabilities against evolving malware threats.
Overview
Syllabus
Intro
How it all started
Whats going on
Over the months
Windtail
Blowup
The Clip
The Rabbit Hole
The Script Went Cold
Evolution
Tego
Double IPA
Wind Tail
What is it
Selenium
Fake Search Site
Fake Flash Updates
Parking Domains
Sample Site
Sample Pages
Chrome Extension
JavaScript
Demo
Apple revoking certs
URL Components
Net Connection
Virus Total
Security API
Detect and Prevent
Attack IDs
Death By 1000
Why Care
Why Dont We
High Fidelity Indicator
Adobe Reader
Malware Tech
Adobe
Takeaways
