Black Hat Japan 2006 Briefings: Catching Malware
Together with Georg, I gave a talk at the recent Black Hat Japan 2006 Briefings. Our talk with the rather lengthy title "Catching Malware: Detecting, Tracking, and Mitigating Botnets" went well and the conference was - as usual - pretty interesting. The slides are now available.
Description from the Black Hat page:
"Botnets pose a severe threat to today's Internet community. We show a solution to automatically find, observe, and shut down botnets with existing open-source tools, partially developed by us. We start with a discussion of a technique to automatically collect bots with the help of the tool nepenthes. We present the architecture and give technical details of the implementation. After some more words on the effectiveness of this approach we present an automated way to analyze the collected binaries. All these steps can be automated to a high degree, allowing us to build a system that autonomously collects information about existing botnets. This information can then be aggregated and correlated to learn even more. As a result, we obtain information that can be used to mitigate the threat, e.g., as a warning system within networks or as an information resource for CERTs. We conclude the talk with an overview of lessons learned and point out further research topics in the area of botnet tracking. Attendees are expected to have a basic knowledge of honeypots and how honeynets work. All necessary information about bots/botnets will be introduced during the talk and the live demonstrations."