Last weekend I was at ToorCon 11 in San Diego, mostly because of my interest in botnets and malware. Just some brief cliff notes from the conference that I thought were semi-interesting:
Koobface is absolutely the coolest virus/trojan ever. Whatever dev team is maintaining that project is genius. For instance, to create accounts they’ll download a captcha from one infected user, show it to another infected user telling them they need to type it in to continue using their computer, and then they’ll take that response and send it back over to the first infected user to create an account.
Another hilarious thing is that a guy by the name of Dancho Danchev has been doing research on Koobface, and they mess with him all the time. For instance, they redirected Facebook’s IP space to his blog.
Lastly, Koobface poses as a Flash updater to get people to install it. Pretty interesting way to get someone to download something. It’s something I’d probably even fall for.
A little bit on malware installs was discussed, along with some interesting tools.
SDDownloader is software you manage to get installed on a user’s machine, and it allows you to install more software (aka pay-per-install toolbars) with it.
Although not new:
VirusTotal – does full virus scans on anything you upload to it via a bunch of commercial and free virus scanners.