Adware is just malware with a legal department - how we reverse engineered OSX/Pirrit, received legal threats, and survived

Wednesday 3 October 17:00 - 17:30, Green room

Amit Serper (Cybereason)

This is the talk that adware makers don't want you to attend because it exposes the seedy world of adware and teaches you what to do when adware companies threaten you with legal action.

In 2016, I reverse engineered OSX.Pirrit. TargetingEdge, the company behind the program, claimed it was adware, but it had more in common with malware, including the ability to run with root privileges and hijack an infected Mac's HTTP traffic.

Last December, an even nastier variant of OSX.Pirrit emerged. Binary reverse engineering and analysis of thousands of lines of JavaScript, Bash and AppleScript showed that this version used new techniques to hijack browsers and can't be removed without deep OSX knowledge. TargetingEdge learned about my research and bombarded me and my employer with cease and desist letters. Undeterred, I worked with my company's lawyer to refute their allegations and publish the research.

Adware and legal scare tactics make the jobs of security professionals even more difficult. One jeopardizes user and company security and the other can stymie important research. This session will tackle both issues. Attendees will learn the risks that adware poses through the technical analysis that was performed, how to protect Macs from security threats, and why solid research is the best defence against legal threats from companies that develop predatory software.