Loading…
Botconf 2018 has ended
Back To Schedule
Thursday, December 6 • 09:50 - 10:20
Botception: Botnet distributes script with bot capabilities

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Monitoring botnets is a crucial component of cybersecurity, but it’s not everyday we see a botnet spreading scripts with bot capabilities. At the end of April 2018, while monitoring one of the branches of the Necurs botnet, we observed new scripts being distributed by the botnet.

In our presentation we will dive into the results of our analysis of scripts with bot capabilities, spread by a botnet. The analyzed scripts were spread by the Necurs botnet through spam emails, and while the initial infection chain was rather short, the multiple stages thereafter included capabilities to make it a fully fledged botnet.

The distribution of the these scripts is an interesting step out from the standard behavior of the Necurs botnet, and we will therefore share information about the Necurs’ branch we are monitoring, the changes it underwent in a year, and detailed analysis of the script bot itself. As the code involved in the infection chain was not heavily obfuscated, the analysis will be interlaced with code examples.

Our analysis provides detailed information about the function and behavior of the scripts, the origin of the information and a comparison of the scripts’ versions over time. After we explore the scripts’ whereabouts, we will again dive more deeply into the Ammyy-like malware infection chain.

Speakers
JS

Jan SIRMER

Malware Analysis Team Lead, Avast Software s.r.o
avatar for Adolf Středa

Adolf Středa

Malware Researcher, Avast Software s.r.o.


Thursday December 6, 2018 09:50 - 10:20 CET
Auditorium Marthe Condat 118 Route de Narbonne, 31400 Toulouse, France