Full Disclosure: HITB2011KUL - Mobile Malware Analysis

["research () vulnerability-lab com" <research () vulnerability-lab com>]

Title:
======
HITB2011KUL - Mobile Malware Analysis


Date:
=====
2012-02-06


References:
===========
Download:       http://www.vulnerability-lab.com/resources/videos/424.wmv
View:           http://www.youtube.com/watch?v=nVAuZ7jf7Sk



VL-ID:
=====
424


Status:
========
Published


Exploitation-Technique:
=======================
Conference


Severity:
=========
High


Details:
========
Mobile malware is becoming a larger concern every day, as the proliferation of smartphones continues and more and 
more in-the-wild malicious applications appear. Unfortunately, many people charged with malware analysis and/or 
network defense lack the tools or the know-how to analyze malicious binaries on anything but a standard Windows/x86 
environment – and thus mobile malware remains shrouded in mystery, with inadequate response compared to traditional 
desktop-based malware.

This presentation aims to combat that problem. I’ll explain the process of setting up a virtual machine capable of 
running and analyzing Android applications (chosen as the mobile platform most likely to see new malware), and then 
step through analysis of live samples collected from the wild. The analysis will focus primarily on network behavior 
that can be used to detect infected devices – something whose usefulness is not limited to cell phone carriers, given 
the number of mobile devices that communicate over local Wi-Fi networks.


Credits:
========
Alex Kirk is a senior member of the Sourcefire VRT, and has been involved in vulnerability analysis and detection since 
starting there in 2004. He currently runs the VRT’s malware zoo, which has produced over 1TB worth of packet capture 
data by running live samples from the ClamAV virus database. He is the author of a pair of Snort-related chapters in 
the 2009 book “Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century,” is a regular 
contributor to the VRT blog (http://vrt-blog.snort.org/), and routinely speaks at security conferences around the world 
on IDS-related topics.


Disclaimer:
===========
The information provided in this video is provided as it is without any warranty. Vulnerability-Lab disclaims all 
warranties, 
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. 
Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss 
of business 
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such 
damages. Some 
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing 
limitation 
may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from 
Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, 
including the use of 
other media, are reserved by Vulnerability-Lab or its suppliers.

                                                Copyright © 2012|Vulnerability-Lab




-- 
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: admin () vulnerability-lab com or support () vulnerability-lab com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/