Abstract

Wednesday 24 September 15:00 - 15:30, Green room.

Micky Pun (Fortinet), Neo Tan (Fortinet)

This paper is available online (HTML, PDF).

Often identified by its capabilities of spreading through Skype and injecting bank pages, Caphaw, also known as Shylock, has been a low-profile, yet persistent player on the botnet scene since 2011. This is a rare botnet that was released with complete functionality, standing in stark contrast to most botnet malware that is released prematurely into the wild. The intricately designed code structure, together with various obfuscation and anti-sandbox techniques, made it difficult for analysts to build a complete profile of its malicious behaviour. In this presentation, we will discuss the technical aspects of handling the anti-reversing strategies devised by the malware writer and evaluate how Caphaw's 'pluginer' capability could position it as a robust APT player in the future.