How Low Will Malware Go? presented at HITBSecConf Malaysia 2009

by Nishad Herath,

Tags: Security Malware

Summary : How Low will Malware Go?Presentation AbstractImagine the next worm that establishes its C&C network by randomly choosing communication nodes from a set of algorithmically generated nodes. Now to achieve this, for example, it would be really simple for the bad guys to mass register a set of domain names that are algorithmically generated wouldn’t it? Yes – and we have seen this done before. So what might be our best defense here? Well, perhaps it is to go on the offensive staright off the bat. Turn the enemy’s strength into its weakness. How? Reverse-engineer the algorithm, identify the generated domains and have the registrar de-register them – at the very least! Of course the worm can try to obscure the domain generation algorithm to make our lives harder. But in the CPU land, we’ve survived many battles. We have a significant collective knowledge base and a toolset – both battle tested for decades. Sure we’re lacking in some corners perhaps, but in general, our readiness is strong. We can take on what bad guys throw at us. However, some very smart people have pointed out how future worms might take sensitive algorithms such as these from CPU land and hide in the GPU land, essentially creating a new battleground where we’re less prepared. Scary? Yes – somewhat. But is this all there is to it? Unfortunately not…In this talk, we will show you how the GPU is merely the tip of the ice-berg. We will show code which demonstrate the various processing options available to malware both inside and outside the PC, away from the CPU. Away from where our expertise and toolset is currently at its best. For the forensic professionals and malware analysts, we will discuss some of the more likely battlegrounds to come and what skills would be helpful to win. For security architects and industry strategists, we will discuss how to mitigate some of the potential exposures through better security architecture across systems and also, through better industry best practices.In general we will identify key areas where we can build technology, expertise, readiness and resilience to be better prepared for non-CPU oriented malware technologies.About Nishad HerathNishad Herath has been intimately involved with reverse engineering and information security for the better part of the last two decades. Perhaps obsessively so.His extensive reverse engineering experience extends to hardware, software, firmware and as of late, wetware. He has made many and often pioneering contributions to various sectors of the information security space, covering both offensive and defensive aspects. These sectors include Windows security, DRM and secure systems design practices.During his professional career spanning well over a decade as an in-house researcher, independent consultant, strategist and an entrepreneur, he has worked with organizations rangingfrom startups to multi-billion dollar public corporations. His clients include top security vendors, various other ISVs, private sector enterprise, media and entertainment companies as well as government, law enforcement and intelligence agencies. While the majority of Nishad’s professional commitments currently alternate between technology R&D and strategic business development, he has remained very passionate about being an educator, having provided private training to numerous clients as well as having presented to the public at various security conferences including BlackHat Briefings (USA), Ruxcon (Australia) and T2 (Finland) over the years.Based on his expertise, Nishad strongly advocates the freedom to reverse engineer as a basic human right. He also advocates risk management as the most important aspect of digital defense strategy and CNA capabilities as an increasingly vital part of any national security agenda. Beyond his professional obsessions, all personal time his wonderfully supportive family spares him, he dedicates to reverse engineering wetware in the context of traditional martial arts, meditation techniques and healing practices.