Malware Analysis - an overview by PP Singh

AN OVERVIEW PART I

Upload: nu-the-open-security-community

Post on 22-Apr-2015


TRANSCRIPT

Page 1: Malware Analysis -an overview by PP Singh

AN OVERVIEW – PART I

Page 2:

OUR GAME PLAN TODAY – A THEORETICAL OVERVIEW FOLLOWED BY A CASE STUDY.

DETAILED PRESENTATIONS ABOUT EACH COMPONENT:

VIRTUALIZATION.

HONEYPOTS / HONEYNETS.

DEBUGGING

AND SO ON (HOPEFULLY)

Page 3:

CAPABILITY FOR ‘ABSTRACT MATHEMATICS’

ASSEMBLY LANGUAGE

LACK OF SOCIAL LIFE

ADEQUATE ‘BEHAVIOR MODIFICATION’ OR ‘TRANCE INDUCING’ MATERIALS.

Page 4:

BASICS

SETTING UP A LAB ENVIRONMENT

ANALYSIS

o NETWORK TRAFFIC

o DISK IMAGE / FILE SYSTEM

o MEMORY IMAGE

o STATIC ANALYSIS

Page 5:

TRADITIONALLY WE HAD – SOURCE CODE AUDITING – PRIME REQUIREMENT WAS SAFETY OF CODE.

THEN CAME PROPRIETARY CODE AND WITH IT ‘BLACK BOX TESTING’

ALONG CAME MODULAR COMPONENTS AND WE GRADUATED TO ‘REVERSE ENGINEERING’

Page 6:

WITH COTS PRODUCTS CAME ISSUES OF TRUST – MICROSOFT IS SAFE, BUT WHAT ABOUT THE GUYS WHO MADE THE DLL?

SUGGESTED READING: ‘WYSINWYX’, GOGUL BALAKRISHNAN’S PHD THESIS.

METHOD OF REVERSE ENGINEERING A PROGRAM ALONG WITH ALL ASSOCIATED LIBRARIES – ‘HOLISTIC REVERSE ENGINEERING’

Page 7:

A FOCUSED APPLICATION – MALWARE ANALYSIS.

WHY – TRADITIONAL SIGNATURE BASED ANALYSIS IS FUTILE GIVEN THE EVOLVING MALWARE.

SAME LOGIC HAS MULTIPLE ‘SIGNATURES’ HENCE ‘BEHAVIORAL ANALYSIS’

Page 8:

PROS & CONS OF BOTH STATIC ANALYSIS & BEHAVIORAL ANALYSIS.

LARGER VOLUMES OF SAMPLES NECESSITATE ‘AUTOMATION’.

ENTER CWSANDBOX, NORMAN SANDBOX & OTHERS

BUT WE NEED ‘MORE’

Page 9:

OVERLAPPED WITH FORENSICS.

PRIVACY & POLICY ISSUES.

WISH TO LEARN – ‘LIVE’ EXERCISE – PART OF GROWING UP.

FIELD OF WORK – REQUIREMENT OF CUSTOMIZED DATA.

COMPLEXITIES IN THE MALWARE WORLD.

Page 10:

BASICS

SETTING UP A LAB ENVIRONMENT

ANALYSIS

o STATIC ANALYSIS

o NETWORK TRAFFIC

o DISK IMAGE / FILE SYSTEM

o MEMORY IMAGE

Page 11:

A CONTROLLED ENVIRONMENT.

▪ MALWARE COLLECTION. MALWARE COLLECTION THROUGH SPAM TRAPS, HONEY POTS AND SHARED DATA. NEPENTHES AS AN EXAMPLE.

▪ VICTIM MACHINES. VIRTUALISATION OR REAL. VIRTUAL MACHINES ARE EASIER TO MANAGE, BUT MALWARE IS INCREASINGLY BECOMING MORE AWARE OF THEM. VIRTUAL MACHINES LIKE VMWARE, PARALLELS, QEMU AND BOCHS ARE AVAILABLE.

Page 12:

▪ SUPPORT TOOLS.

▪ NETWORK SIMULATION. INTERNET CONNECTION, DNS CONNECTION, IRC, WEB, SMTP SERVER

▪ ANALYSIS TOOLS. SUPPORT OF ONLINE RESOURCES LIKE VIRUS TOTAL.

IT SHOULD BE ISOLATED.

IT SHOULD PROVIDE A FULL SIMULATION.

Page 13:

FRIENDS

ONLINE RESOURCES

HONEYPOTS

o AMUN

o NEPENTHES

o ….

Page 14:

WINDOWS OS START – WINDOWS IMAGE USING LINUX: THE RE-USABLE MALWARE ANALYSIS NET (‘TRUMAN’)

VIRTUAL MACHINES

NORTON GHOST / UDPCAST / ACRONIS

HARDWARE – CORE RESTORE

MICROSOFT – STEADY STATE

Page 15:

THIS MINI LINUX IMPLEMENTATION CONTAINS TOOLS LIKE PARTIMAGE, NTFSRESIZE, AND FDISK AND IS BASED AROUND THE FANTASTIC BUSYBOX.

IT ENABLES YOU TO PXE BOOT A PC INTO A LINUX CLIENT WHICH CAN CREATE AN NTFS PARTITION, GRAB A WINDOWS DISK IMAGE FROM THE NETWORK, WRITE IT TO A LOCAL DISK AND THEN RESIZE THAT PARTITION.

Page 16:

TWO MACHINES MINIMUM. LINUX BASED SERVER; TRUMAN MACHINE AS CLIENT (XP WITHOUT PATCHES). INSTALLATION FAQ ON NSMWIKI.

VIRTUAL NETWORK SIMULATION

Page 17:
Page 18:
Page 19:

MAVMM: LIGHTWEIGHT AND PURPOSE-BUILT VMM FOR MALWARE ANALYSIS

AUTHORS - ANH M. NGUYEN, NABIL SCHEAR, HEEDONG JUNG, APEKSHA GODIYAL, SAMUEL T. KING, HAI D. NGUYEN

A SPECIAL PURPOSE VIRTUAL MACHINE FOR MALWARE ANALYSIS

Page 20:

ACADEMIC VERSION OF XP AVAILABLE.

INSTRUMENTATION OF CODE FEASIBLE

CREATION OF ‘SPECIAL WINDOWS’ BOXES

Page 21:

BASICS

SETTING UP A LAB ENVIRONMENT

ANALYSIS

o STATIC ANALYSIS

o NETWORK TRAFFIC

o DISK IMAGE / FILE SYSTEM

o MEMORY IMAGE

Page 22:

CREATE A CONTROLLED ENVIRONMENT. VIRTUAL OR REAL.

BASELINE THE ENVIRONMENT:-

▪ VICTIM MACHINE. FILE SYSTEM, REGISTRY, RUNNING PROCESSES, OPEN PORTS, USERS, GROUPS, NETWORK SHARES, SERVICES ETC.

▪ NETWORK TRAFFIC.

▪ EXTERNAL VIEW.

Page 23:

INFORMATION COLLECTION.

▪ STATIC. STRINGS, RESOURCES, SCRIPTS, FILE PROPERTIES ETC

▪ DYNAMIC.

INFORMATION ANALYSIS. INVOLVES INFORMATION COLLATION, INTERNET SEARCHES, STARTUP METHODS, COMMUNICATION PROTOCOLS, SPREADING MECHANISMS ETC

RECONSTRUCTING THE BIG PICTURE.

DOCUMENTATION.

Page 24:

PSEXEC – PART OF THE SYSINTERNALS PSTOOLS KIT.

MS REMOTE DESKTOP

VIRTUAL NETWORK COMPUTING (VNC) – ULTRAVNC (SOURCEFORGE)

IF YOU ARE COMFORTABLE WITH A REMOTE COMMAND LINE – PSEXEC

Page 25:

BASELINE INFORMATION

o NETWORK TRAFFIC

o FILE SYSTEM

o REGISTRY

o MEMORY IMAGE

Page 26:

REMEMBER IT IS ‘MALWARE’

USE PKZIP TO HANDLE THE SAMPLE

COMMAND LINE METHOD

IF YOU ARE SUBMITTING SAMPLES ONLINE PASSWORD = ‘infected’

Page 27:

DISK IMAGE ANALYSIS. ADVANCED INTRUSION DETECTION ENVIRONMENT (AIDE) FOR COMPARING DISK IMAGES BEFORE AND AFTER.

NTFS-3G DRIVERS & GETFATTR FOR ADS STREAMS.

REGISTRY USING DUMPHIVE.

COMPARE REGISTRY DUMPS BEFORE AND AFTER USING THE LINUX DIFF -U COMMAND.

MEMORY IMAGE ANALYSIS. PMODUMP.PL MODIFIED TO HANDLE PEB RANDOMISATIONS; VOLATILITY FRAMEWORK USED FOR ANALYSIS.

OUTPUTS OF MULTIPLE TOOLS USED TO COMPARE AND ANALYSE.
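The before-and-after comparison that pages 22 and 27 describe (baseline the victim's file system, run the sample, diff against a second snapshot, as AIDE does), as an added Python example that is not part of the original deck: it hashes every file under a tree the way an md5deep listing would and reports added, removed and changed files. The directory layout and file contents inside demo() are constructed samples.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_file(path, algo="md5"):
    """Hash one file in chunks (md5 to match md5deep lists; sha256 also accepted)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, algo="md5"):
    """Inventory of a tree: relative path -> (hash, size) for every regular file."""
    root = Path(root)
    inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            inventory[p.relative_to(root).as_posix()] = (hash_file(p, algo), p.stat().st_size)
    return inventory

def compare(baseline, observed):
    """AIDE-style report: files added, removed or changed between two inventories."""
    common = baseline.keys() & observed.keys()
    return {
        "added": sorted(observed.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - observed.keys()),
        "changed": sorted(p for p in common if baseline[p] != observed[p]),
    }

def demo():
    """Constructed sample: baseline a tiny 'victim' tree, mutate it, diff the two snapshots."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system32").mkdir()
        (root / "system32" / "kernel32.dll").write_bytes(b"original-dll")
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        before = snapshot(root)
        # Same-size overwrite: a size check alone would miss it, the hash does not.
        (root / "system32" / "kernel32.dll").write_bytes(b"patched-dll!")
        (root / "hosts").unlink()
        (root / "system32" / "dropper.exe").write_bytes(b"MZ\x90\x00")
        return compare(before, snapshot(root))
```

The same compare() works on two registry text dumps parsed into dictionaries, which is what the diff -u step above does line by line.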

Page 29:

A GOOD WAY TO SEE CHANGES TO THE NETWORK IS WITH A TOOL CALLED NDIFF.

NDIFF IS A TOOL THAT UTILIZES NMAP OUTPUT TO IDENTIFY THE DIFFERENCES, OR CHANGES, THAT HAVE OCCURRED IN YOUR ENVIRONMENT.

NDIFF CAN BE DOWNLOADED FROM http://www.vinecorp.com/ndiff/.

Page 30:

TCPDUMP – CONSOLE

WINDUMP – CONSOLE

WIRESHARK – GUI

Page 31:

THE OPTIONS OFFERED IN NDIFF INCLUDE:

ndiff [-b|-baseline <file-or-:tag>] [-o|-observed <file-or-:tag>] [-op|-output-ports <ocufx>] [-of|-output-hosts <nmc>] [-fmt|-format <terse | minimal | verbose | machine | html | htmle>]

NDIFF OUTPUT MAY BE REDIRECTED TO A WEB PAGE:

ndiff -b base-line.txt -o tested.txt -fmt machine | ndiff2html > differences.html

THE OUTPUT FILE, “DIFFERENCES.HTML”, MAY BE DISPLAYED IN A WEB BROWSER. THIS WILL SEPARATE HOSTS INTO THREE MAIN CATEGORIES:

o NEW HOSTS,

o MISSING HOSTS, AND

o CHANGED HOSTS.
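The three ndiff categories above, as an added Python example that is neither from the deck nor from the ndiff project: a small parser for nmap grepable (-oG) output and a comparison that sorts hosts into new, missing and changed, with the port delta for changed hosts. BASELINE and OBSERVED are constructed sample scans, not real output.

```python
BASELINE = """\
# Constructed sample in nmap grepable (-oG) form, not a real scan
Host: 10.0.0.5 (victim)\tStatus: Up
Host: 10.0.0.5 (victim)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)
Host: 10.0.0.9 (fileserver)\tStatus: Up
Host: 10.0.0.9 (fileserver)\tPorts: 445/open/tcp//microsoft-ds///
"""

OBSERVED = """\
Host: 10.0.0.5 (victim)\tStatus: Up
Host: 10.0.0.5 (victim)\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 6667/open/tcp//irc///
Host: 10.0.0.23 ()\tStatus: Up
Host: 10.0.0.23 ()\tPorts: 80/open/tcp//http///
"""

def parse_grepable(text):
    """{host: {(port, proto): (state, service)}} from nmap -oG lines; down hosts are skipped."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment / summary lines
        # Each tab-separated field is "Key: value"
        fields = dict(f.partition(": ")[::2] for f in line.split("\t"))
        if fields.get("Status") == "Down":
            continue
        addr = fields["Host"].split()[0]
        ports = hosts.setdefault(addr, {})
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            port, state, proto, _owner, service, *_rest = entry.split("/")
            ports[(int(port), proto)] = (state, service)
    return hosts

def ndiff_hosts(baseline, observed):
    """ndiff's three categories: new hosts, missing hosts, changed hosts (with the port delta)."""
    changed = {}
    for host in sorted(baseline.keys() & observed.keys()):
        before, after = baseline[host], observed[host]
        if before != after:
            changed[host] = {
                "opened": sorted(after.keys() - before.keys()),
                "closed": sorted(before.keys() - after.keys()),
                "altered": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
            }
    return {
        "new": sorted(observed.keys() - baseline.keys()),
        "missing": sorted(baseline.keys() - observed.keys()),
        "changed": changed,
    }
```

In the constructed data the victim gained a listener on 6667/tcp, the file server dropped off the network and an unknown host appeared, which is exactly the kind of delta a post-execution scan should surface.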

Page 32:

NETSTAT

FPORT

TCPVcon – CONSOLE

TCPView – GUI

HANDLE – CONSOLE

PROCESS EXPLORER – GUI

USE PID TO CORRELATE OUTPUTS

Page 33:

HASHING FUNCTIONS

o MD5DEEP – JESSE KORNBLUM

FUZZY HASHING

o SSDEEP – AGAIN JESSE

ONLINE HASHES OF GOOD FILES – NIST

Page 34:

A GOOD START

VIRUSTOTAL

VIRUSSCAN

AND MANY MORE

HELP RETAIN FOCUS

Page 36:

PEID

POLYUNPACK

RENOVO – PART OF BIT BLAZE, BASED ON MEMORY UNPACKING

AND MANY MORE

Page 37:

TOOLS:-

o PEVIEW

o DEPENDS

o PE BROWSE PRO

o OBJ DUMP

o RESOURCE HACKER

o STRINGS

DETERMINE THE DATE/TIME OF COMPILATION, FUNCTIONS IMPORTED BY THE PROGRAM, ICONS, MENUS, VERSION INFO AND STRINGS EMBEDDED IN THE RESOURCES.

Page 38:

STRINGS VIP UTILITY – www.freespaceinternetsecurity.com

InCtrl5

SANDBOXIE

FILEMON

REGMON

AUTORUNS

HIJACK THIS

……..

Page 39:

PE FORMAT – NEED I SAY MORE.

LORD PE CAN ALSO DO MEMORY DUMPS

PETOOLS

PEID TO FIND PACKER DETAILS
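Two of the checks that pages 37 and 39 assign to the PE tools (compile date/time from the headers, and a packer hint of the kind PEiD gives), as an added Python example that is not from the deck: it reads the COFF header and section table directly and flags sections whose byte entropy is close to 8 bits, an entropy heuristic rather than PEiD's signature matching. build_sample_pe() is a constructed, deliberately minimal image (no optional header, so the section headers follow the COFF header directly) and its timestamp is an arbitrary sample value.

```python
import math
import random
import struct
from datetime import datetime, timezone

def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted sections sit close to 8.0."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(blob, threshold=7.0):
    """Compile timestamp plus per-section size and entropy, read straight from the PE headers."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4  # 20-byte COFF file header follows the signature
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    sections = []
    for i in range(nsections):
        off = coff + 20 + opt_size + 40 * i  # section table sits after the optional header
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", blob, off)
        ent = round(entropy(blob[raw_ptr:raw_ptr + raw_size]), 2)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_size, ent))
    return {
        "machine": hex(machine),
        "compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "sections": sections,
        "packer_suspects": [s[0] for s in sections if s[2] >= threshold],
    }

def build_sample_pe():
    """Constructed sample: one repetitive .text section and one pseudo-random 'UPX1' section."""
    text = b"\x55\x8b\xec" * 32 + b"\x90" * 160  # prologue bytes and NOPs: low entropy
    rng = random.Random(1)
    packed = bytes(rng.randrange(256) for _ in range(1024))  # stands in for packed data
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1253876400, 0, 0, 0, 0x102)  # i386, 2 sections
    data_start = 0x40 + 4 + 20 + 2 * 40
    sec = "<8sIIIIIIHHI"
    s1 = struct.pack(sec, b".text", len(text), 0x1000, len(text), data_start, 0, 0, 0, 0, 0x60000020)
    s2 = struct.pack(sec, b"UPX1", len(packed), 0x2000, len(packed), data_start + len(text), 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + s1 + s2 + text + packed
```

Feed parse_pe() the bytes of a real file to get the same report; a timestamp that is zero or far in the future is itself a sign of tampering.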

Page 40:

WINDBG

OLLYDBG

IDA PRO

SYSRDBG – KERNEL LEVEL? KERNEL DEBUGGER FROM MS

KNOWLEDGE OF ASSEMBLY LANGUAGE CRITICAL

TRAP – API EMULATION

Page 42:

EXTENSIVE FEATURES ≠ GOOD TOOL

REQUIREMENT TO SCRIPT & PARSE OUTPUTS INTO A ‘READABLE REPORT’

COMMAND LINE / GUI OPTIONS

COMPARISON OF MULTIPLE TOOLS AS VERIFICATION

Page 43:

RAPID ASSESSMENT & POTENTIAL INCIDENT EXAMINATION REPORT

RAPIER IS A SECURITY TOOL BUILT TO FACILITATE FIRST RESPONSE PROCEDURES FOR INCIDENT HANDLING.

OVERLAP BETWEEN FORENSICS AND MALWARE ANALYSIS.

TO ILLUSTRATE THE REQUIREMENT TO ‘SCRIPT AROUND GUI TOOLS’

Page 44:

AS PART OF ANALYSIS, TRY TO IDENTIFY THE SOURCE.

BLOCK LISTS OF SUSPECTED MALICIOUS IPS AND URLS

LOOKING UP POTENTIALLY MALICIOUS WEBSITES

INITIAL VECTOR – BROWSER HISTORY, EMAIL LOGS

Page 45:

SIMILARITY STUDIES:-

http://code.google.com/p/yara-project/

GENOME BASED CLASSIFICATION

MALWARE SIMILARITY ANALYSIS – BLACK HAT 09 - DANIEL RAYGOZA

BLAST: BASIC LOCAL ALIGNMENT SEARCH TOOL BASED CLASSIFICATION

FUZZY CLARITY – DIGITAL NINJA

Page 46:

RESEARCH IS ON FOR CLASSIFICATION ACCORDING TO:-

o OPCODE DISTRIBUTION

o API CALLS MADE

o COMPILER PARAMETER

o ……

o WILL GIVE THE ‘HEURISTICS'

Page 47:

ALWAYS CORRELATE THE ANALYSIS:-

o ANUBIS (FORMERLY TTANALYSE)

o BIT BLAZE ( COUSIN OF WEB BLAZE PROJECT)

o COMODO

o CWSANDBOX

o EUREKA

o JOEBOX

o NORMAN SANDBOX

o THREAT EXPERT

o XANDORA

Page 48:
Page 49:

SUGGESTED READING

o WILDCAT: AN INTEGRATED STEALTH ENVIRONMENT FOR DYNAMIC MALWARE ANALYSIS – AMIT VASUDEVAN

o ‘WYSINWYX’ WHAT YOU SEE IS NOT WHAT YOU EXECUTE - GOGUL BALAKRISHNAN

o LARGE-SCALE DYNAMIC MALWARE ANALYSIS - ULRICH BAYER

Page 50: