Wednesday 24 September 15:00 - 15:30, Green room.
Micky Pun Fortinet
Neo Tan Fortinet
This paper is available online (HTML, PDF).
Often identified by its ability to spread through Skype and to inject content into banking pages, Caphaw, also known as Shylock, has been a low-profile yet persistent player on the botnet scene since 2011. It is a rare botnet that was released with complete functionality, in stark contrast to most botnet malware, which is released prematurely into the wild. Its intricately designed code structure, together with various obfuscation and anti-sandbox techniques, has made it difficult for analysts to build a complete profile of its malicious behaviour.
In this presentation, we will discuss the technical aspects of handling anti-reversing strategies devised by the malware writer and evaluate how Caphaw's 'pluginer' capability could position itself as a robust APT player in the future.
Micky Pun is a malware researcher at Fortinet Canada. She received her Bachelor's degree in computer engineering from Simon Fraser University. She has worked as a malware analyst for three years since graduating. Her main tasks include malware/packer analysis and detection creation. Pun's current research focus is on vulnerabilities and exploits.
Neo Tan has over four years' experience of professional software development and three years' experience of malware reverse engineering. He is a Team Lead in the AntiVirus MVRT department at Fortinet Inc. His research interests include exploits, custom packers and botnets.