
Abstract

Friday 2 October 11:30 - 12:00, Green room

Neo Tan (Fortinet)
Micky Pun (Fortinet)
Eric Leung (Fortinet)

From the theft of sensitive information from Mitsubishi Heavy Industries in 2011 to the Anthem data breach revealed in February 2015, the complexity of the Derusbi malware family has been the real driving force behind these espionage campaigns. After entering a targeted company through an exploit for a newly discovered vulnerability, a Derusbi sample is dropped onto the compromised computer to set up a well-hidden 'gateway' into the targeted organization. Its sophistication and its uncommon malicious activity, combined with its covert presence, kept it out of sight of many AV companies. As an illustration, our records reveal that many vendors did not start to detect a certain Derusbi variant until after it had been circulating among vendors for about half a year. In this presentation, instead of profiling the malware authors, we will focus mainly on the technical aspects of analysing the Derusbi malware family, as well as how it has evolved through the years in order to stay under the radar of most AV vendors.