1 of 15

Malware 2-4

20.11.2013

2 of 15

3 things ?

3 of 15

5 cents from me


9 of 15

Plan for today

Your presentations

Clarification on processor architecture

Network forensics ...

Lab time

10 of 15

Presentations ?!

11 of 15

Clarification on processor architecture

12 of 15

Network ...

13 of 15

Lab

Hints and other pcaps

ENISA pcap lab +

Pcap1 < even

or

Pcap2 < odd including 0

14 of 15

Results

Malware: what is downloaded

Where it is downloaded from

Any C&C or P2P connection data

Timeline

Snort or Suricata rule to detect it

How you did it?

15 of 15

Network lab ideas

# Suricata: -l sets the log/output directory, -r replays the pcap instead of sniffing a live interface
suricata -l /folder/where/log/goes -r startstop.pcap

# Snort: -q quiet, -d dump application-layer payload, -e show link-layer headers,
# -x exit on configuration/rule errors, -N no packet logging (alerts still shown),
# -A cmg print cmg-style alerts to the console, -c rules/config file, -r read the pcap
snort -qdexNA cmg -c all.rules -r startstop.pcap