Case study - successes and failures apprehending malware authors presented at Virus Bulletin 2010

by Raymond A. Pompon (HCL CapitalStream)

Tags: Security


Summary:

Most malware authors operate with impunity; very few are prosecuted. Based on the author's first-hand experience with a decade's worth of malware cases, several organizational behaviour factors for successful malware prosecution become evident. Some of these factors are already part of the known body of best practices for incident response, such as promptness and partnerships, while other factors include resolve and awareness. This paper will examine a variety of cases, including the very successful Christopher Maxwell botnet prosecution ( The points of view of the individuals directly involved in these cases will be explored, including the perspectives of the organizational staff and leadership, the FBI case agents and the prosecuting attorneys. The paper will look at the cases with respect to the differences between generic incident response and responding to a malware infection. The paper will examine the critical behaviours that organizations can implement to help apprehend and successfully prosecute malware