Talk: How present day banking malware works? From Spam emails to money transfer 2016-08-12

Present-day malware is very sophisticated and quite different from that of a decade ago. Malware is no longer a single executable file which executes on the victim's computer and runs as a process. There are multiple stages involved, from a typical malware infection to the completion of its objectives. Typically, infection starts with a victim clicking on a link in a spam email. This leads to a binary executable being downloaded and executed on the victim's computer. This is, however, just the tip of the iceberg: the executed binary usually downloads further binaries from the internet, creates several processes and registry keys, and injects into the memory of legitimate processes. After a series of steps, the money is transferred from the victim's bank account to a bank account controlled by criminals.

This talk will explain the events from spam email to money transfer step by step to help the audience understand malware and protect themselves better.

Saad Khan

Saad Khan holds a joint master’s degree in Security and Mobile Computing from the Norwegian University of Science and Technology (Norway) and the University of Tartu (Estonia). He has been working as a Malware Analyst in the eCrime department of CSIS in Denmark for the past 2 years. He primarily reverse engineers banking malware and researches various aspects of cyber security. In his free time, he enjoys playing Clash of Clans, swimming and playing tennis.