Adware is just malware with a legal department - how we reverse engineered OSX/Pirrit, received legal threats, and survived

Wednesday 3 October 17:00 - 17:30, Green room

Amit Serper (Cybereason)



This is the talk that adware makers don't want you to attend because it exposes the seedy world of adware and teaches you what to do when adware companies threaten you with legal action.

In 2016, I reverse engineered OSX.Pirrit. TargetingEdge, the company behind the program, claimed it was adware but it had more in common with malware, including the ability to run root privileges and hijack an infected Mac's HTTP traffic.

Last December, an even nastier variant of OSX.Pirrit emerged. Binary reverse engineering and analysis of thousands of lines of JavaScript, Bash and AppleScript showed that this version used new techniques to hijack browsers and can't be removed without deep OSX knowledge. TargetingEdge learned about my research and bombarded me and my employer with cease and desist letters. Undeterred, I worked with my company's lawyer to refute their allegations and publish the research.

Adware and legal scare tactics make the jobs of security professionals even more difficult. One jeopardizes user and company security and the other can stymie important research. This session will tackle both issues. Attendees will learn the risks that adware poses through the technical analysis that was performed, how to protect Mac from security threats, and why solid research is the best defence against legal threats from companies that develop predatory software.

 

Amit-Serper-web.jpg

Amit Serper

Amit leads the security research at Cybereason's Noctornus group in the company's Boston HQ. He specializes in low-level, vulnerability and kernel research, malware analysis and reverse engineering on Windows, Linux and macOS. He also has extensive experience researching, reverse engineering, and exploiting IoT devices of various kinds. Prior to joining Cybereason four years ago, Amit spent nine years leading security research projects and teams for an Israeli government intelligence agency, specifically in embedded systems security (or lack of).

@0xAmit



Other VB2018 papers

PUPs: a tale about consumers, money and data (partner presentation)

Daniel Assouline (Avanquest Group)

The modality of mortality in domain names

Paul Vixie (Farsight Security)

Botception: hire a botnet to spread one's own botnet

Jan Sirmer (Avast Software s.r.o)
Adolf Streda (Avast Software s.r.o)

Back to VB2018 Programme page

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.