
Abstract

Wednesday 30 September 11:30 - 12:00, Green room

Peter Kalnai (Avast Software)
Jaromir Horejsi (Avast Software)

DDoS threats have been out there since the Internet took over half of global communication, posing the real problem of denial of access to online service providers. Recently, a new trend emerged in non-Windows DDoS attacks that was induced by code availability, lack of security, and an abundance of resources. The attack infrastructure has undergone significant structural, functional and complexity changes. Malicious aspects have evolved into complex and relatively sophisticated pieces of code, employing compression, advanced encryption and even rootkit capabilities. Targeted machines run systems supporting the ELF format - anything from desktops and servers to IoT devices like routers or digital video recorders (DVRs) could be at risk.

In this session, we will look at the current state of DDoS trojans forming covert botnets on unsuspecting systems. A technical analysis of the most important malware families will be provided, with a specific focus on infection methods, dynamic behaviour, C&C communication, obfuscation techniques, advanced methods of persistence and stealth, and elimination of rivals. We will be studying cybercriminals' behaviour and introducing their operation tools, including vulnerability scanners, brute-forcers, bot builders and C&C panels. In many cases, it's unnecessary to apply reverse engineering within the analysis - the original source codes are indexed in public search engines and their customization is a subject of monetization. Finally, we will introduce tracking methods and techniques and will reveal the targets of these attacks.
