Last-minute presentations:
14:40 - 15:00 There is (some) honour among South American authors of infostealer trojans! Pedro Bueno, McAfee
15:00 - 15:20 Apple iPhone programming with SDK Marius van Oers, McAfee
14:40 - 15:00 There is (some) honour among South American authors of infostealer trojans!, Pedro Bueno, McAfee
In the current malware world, it is easy to spot stolen code
being used by malware authors. However, the so-called banker
infostealer trojans offer us a new way to see the cooperation
amongst malware authors. The password-stealing trojans that
focus on banking information are well-known pieces of malware.
The evolution that has been observed in this specific kind of
trojan is clear, including components that were added to the
malware schema, downloaders and their redundancies,
IM-spreading worms, targeted banking and cross-cultural trojan
development. While the delivery method tends to be the same,
using seasonal and common phishing emails to install small
downloaders to get the large banker binaries, the actual
backend malware will act in a different way. Historical rivals
on the football (or soccer) field, Brazil and Argentina seem to
have decided to join forces in the malware-writing world,
particularly in the development of banking trojans, and we
shall see in this presentation exactly how close they are on
the malware development criminal schema.
But not all criminal minds think alike in South America, and
we will also be able to understand the differences between the
Brazil-Argentina alliance and malware developers in other
neighbouring countries, like Colombia and Peru, who went down a
different implementation route, including in their coding
techniques and the vectors they utilize.
15:00 - 15:20 Apple iPhone programming with SDK, Marius van Oers, McAfee
Apple's iPhone programming was initially locked down, and even
though there were ways/cracks around that, it didn't officially
allow external 'native' application programming, allowing
mainly external Web 2.0-based applications.
Early in 2008 Apple introduced an SDK (Software Development
Kit) for the iPhone. There were at least seven beta versions of
the SDK which could be freely downloaded. On the Apple iPhone
many functions are neatly integrated - which is very useful,
but it could in theory also be abused by malware. The address
book not only keeps records of a contact's name and address
information; its framework can be called by SMS and mail and
also by custom third-party applications. It is possible to
create a new contact or change existing contact information,
for example changing a contact's telephone number to a costly
'adult' number, which can be annoying. Even worse, a
combination of a mass-mailer and auto-dialler might not be
impossible. As well as being an annoyance, this could result in huge
financial burdens on consumers.
This presentation takes a look at what Apple iPhone programming
with an SDK can do and what possible new malware attack vectors
could arise from it.