Workshops‎ > ‎cs-ga-2010-1‎ > ‎cs-ga-2010‎ > ‎

Alex Shipp



Biography:

Alex is VP Advanced Threat Research at TrustDefender and with over ten years’ experience at MessageLabs (recently acquired by Symantec) Alex is a pioneer in the cyber security technology industry. He is best known for using massive computing power to detect malware and currently holds several patents in the area. He has developed a variety of products with some of the highest track records in the world and led the creation of in-the-cloud detection systems to protect customer’s infrastructure from malware infection via email and web traffic.


Abstract:

Learning from the bad guys is learning from the best
A practical overview on how the bad guys adopt and circumvent any security initiatives and what we can do about it

Zeus and Mebroot represent a large percentage of cybercrime committed around the world. This presentation will discuss how these trojans continue to be the most sophisticated Trojans that attack any security countermeasures by the financial institutions, ecommerce providers, … We look at how these Trojans constantly evolve and extend their reach to a much wider audience. We also look at the new javascript engine (dubbed Leprechaun) that enables the bad guys to harvest challenge response, one-time-passwords or any other dynamic authentication method in a very interactive and professional way. In a nutshell, it allows bypass of nearly all authentication mechanisms in place (e.g. SMS tokens, secret questions and even very elaborate challenge mechanisms use by some banks).

Furthermore we discuss what Mebroot is doing with its Sizzler CSS engine where we can find scary functions such as “CreateTransactions” that take all transaction details (including transaction one time passwords)
as parameters to automatically execute a wire transfer and how the bad guys get around any device fingerprinting that some service providers use.

Lastly we discuss some ways what we can do to improve the situation and to get back on top of these threats.


Presentation: