Last-minute paper: Adventures in open directories

Thursday 25 September 11:00 - 11:30, Green room.

Matt Bing Arbor Networks

  download slides (PDF)

Every botnet operator makes operational mistakes, from the most targeted advanced threat campaign to the simplest click fraud operation. By leveraging a simple technique in Arbor's malware processing system, we are able to mine botnet web servers for inadvertently exposed information. Using the list of URLs visited by malware during sandbox execution as input, we trim the filename from the URL and look for evidence of an open directory that contains other accessible files. Utilizing this technique in the course of the past year, we've found entirely new malware families, detailed logs of infections, unencrypted Bitcoin wallets, and botnet configuration details including passwords.

Click here for more details about the conference.

Matt Bing

Matt Bing

Matthew Bing received his Master's degree in computer science from Grand Valley State University in 2000, where he studied intrusion detection and large-scale logging infrastructures. He then moved to Ann Arbor to work as a security engineer at Anzen Computing (which was later acquired by NFR Security). At NFR, Matt developed and implemented intrusion detection systems as a member of the Rapid Response Team. Matt joined the University of Michigan in 2004, where he led the design, rollout, and implementation of an IT security incident management program across campus. Over the years, Matt led the response to many incidents, including several high-profile cases. Matt currently works as a security researcher at Arbor Networks' ASERT.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.