The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it! Presented at DerbyCon 2013

by Ian Robertson, Michael Gough

Summary: “Both CXOs and technical staff should attend this talk. You can throw lots of time and money at scanning your systems for unknown malware, but the reality is that you will only identify a small portion of the bad stuff. Changing the way you approach managing your systems by using this process will help you find malware.
In this presentation we will introduce you to the “Malware Management Framework”, a repeatable process that can identify the most advanced malware on Windows-based systems without signatures or the need to understand anything about the malware. This isn’t whitepaper fluff; this is the real deal straight from the professionals who have dealt with some of the nastiest stuff in the real world, defending real environments. This presentation will discuss the current state of malware and the problems with current detection methods, and share a new process that anyone can set up to assist in malware discovery and remediation.
If malware is a concern in your environment, you need to attend this talk and take away actionable information you can begin using immediately.
JUSTIFICATION:
Anti-malware and malware detection and prevention solutions currently on the market are failing in detecting today’s advanced malware. There were over 110 million new pieces of malware discovered in 2012. AV-Test.org has already listed 60 million new malware between Jan-May 2013, exceeding malware numbers for all of 2011! The “Malware Management Framework” and this presentation will teach IT and security professionals how to set up a program to easily and inexpensively detect the most sophisticated malware on their systems, or validate that a system is malware-free. This approach will save significant dollars on Incident Response and allow companies to move forward after an incident and not be paralyzed by the event. This is not a traditional forensics talk; this is a new, innovative methodology proven by the speakers in their current environment with WinNTi and other advanced malware.”