The VOHO Campaign - an in-depth look presented at ROOTCon 2013

by Christopher Elisan,

Summary : In July of 2012, we discovered an emerging malicious code and content campaign spreading at a rapid rate within very specific geographic theaters. These clusters were confined to ten geographic areas and involved thousand of hosts. To the untrained eye, this looks like a common “drive-by” attack mechanism but additional analysis and research show it to be otherwise. This presentation sheds light in the new attack, which we termed “Watering Hole.” The talk will cover the deployment method used to spread the malware and the malware’s behavior once it reaches the target system.