VB2015 paper: Digital 'Bian Lian' (face changing): the Skeleton Key malware

Posted by   Virus Bulletin on   Jan 19, 2016

Microsoft, Dell SecureWorks researchers analyse malware targeting Active Directory servers.

A year ago, researchers from Dell SecureWorks discovered a new kind of malware, dubbed 'Skeleton Key', that was used in targeted attacks.

The malware, which was installed on the target's domain controller, allowed the attacker to login as any user and thus perform any number of actions.

At VB2015, Microsoft researchers Chun Feng, Tal Be'ery and Michael Cherny, and Dell SecureWorks' Stewart McIntyre presented the paper "Digital 'Bian Lian' (face changing): the skeleton key malware". Today, we publish their paper as well as the video of their presentation.

You can read the paper here in HTML-format, or download it here as a PDF, and find the video on our YouTube channel, or embedded below.

Are you interested in presenting your research at the upcoming Virus Bulletin conference (VB2016), in Denver 5-7 October 2016? The call for papers is now open.



Posted on 19 January 2016 by Martijn Grooten
twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

WannaCry shows we need to understand why organizations don't patch

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"

Modern security software is not necessarily powerless against threats like WannaCry

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.

Throwback Thursday: CARO: A personal view

This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts. As a founding member of CARO, Fridrik Skulason was well placed, in August 1994, to shed some light…

VB2016 paper: Uncovering the secrets of malvertising

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target…

Throwback Thursday: Tools of the DDoS Trade

As DDoS attacks become costlier to fix and continue to increase in both number and diversity, we turn back the clock to 2000, when Aleksander Czarnowski took a look at the DDoS tools of the day.