Last-minute paper: Adventures in open directories

Thursday 25 September 11:00 - 11:30, Green room.

Matt Bing Arbor Networks

  download slides (PDF)

Every botnet operator makes operational mistakes, from the most targeted advanced threat campaign to the simplest click fraud operation. By leveraging a simple technique in Arbor's malware processing system, we are able to mine botnet web servers for inadvertently exposed information. Using the list of URLs visited by malware during sandbox execution as input, we trim the filename from the URL and look for evidence of an open directory that contains other accessible files. Utilizing this technique in the course of the past year, we've found entirely new malware families, detailed logs of infections, unencrypted Bitcoin wallets, and botnet configuration details including passwords.

Click here for more details about the conference.

Matt Bing

Matt Bing

Matthew Bing received his Master's degree in computer science from Grand Valley State University in 2000, where he studied intrusion detection and large-scale logging infrastructures. He then moved to Ann Arbor to work as a security engineer at Anzen Computing (which was later acquired by NFR Security). At NFR, Matt developed and implemented intrusion detection systems as a member of the Rapid Response Team. Matt joined the University of Michigan in 2004, where he led the design, rollout, and implementation of an IT security incident management program across campus. Over the years, Matt led the response to many incidents, including several high-profile cases. Matt currently works as a security researcher at Arbor Networks' ASERT.