Welcome to the VB2021 conference!

Bugs in malware – uncovering vulnerabilities found in malware payloads

Nirmal Singh (Zscaler) & Uday Pratap Singh (Zscaler)
partner message

Ransomware prevention starts with zero

https://www.zscaler.com/solutions/security-transformation/ransomware-protection

Ransomware attacks are increasing 500% year-over-year.

Learn how Zscaler's Zero Trust Exchange helps minimize exposure, damage, and risk

at every stage of a ransomware attack.

partner message

We don’t just talk about sharing. We do it every day.

https://www.cyberthreatalliance.org/about-cta

Learn how to collaborate with the Cyber Threat Alliance to improve your overall cyber resilience.

We are a greater team when we work together; our collective efforts magnifies our success and

ensures that we are and remain cyber resilient.

partner message

F5 helps find malware hiding in plain sight

https://www.f5.com/company/blog/half-the-world-s-malware-is-now-encrypted

Encrypted malware is becoming increasingly common, and daisy-chaining security devices is neither

cost-effective, nor efficient. Detecting and stopping malware doesn’t have to be overwhelming with

F5’s innovative products.

partner message

Looking for performance validation for your product?

https://www.virusbulletin.com/testing/

Get an edge over your competitors with Virus Bulletin’s anti-malware & email security certification

programmes, supported by 30+ years of experience. Or take advantage of our bespoke testing service

offering valuable performance feedback for R&D. Email [email protected]

partner message

Farsight Security DNSDB® is the world's largest real-time and historical database of DNS resolutions

https://www.farsightsecurity.com/get-started-guide/

DNSDB 2.0 introduces Flexible Search support, unlocking both Regular Expressions and Globbing syntaxes for more granular and accurate search results. Get your free DNSDB API key and use it in our newly updated

web GUI, DNSDB Scout as well as your own existing environments. Contextualize everything that is DNS related with one API key - DNSDB.

partner message

VirusTotal: Actionable crowdsourced threat intelligence

https://www.virustotal.com/

Comprehensive context and cutting-edge functionality to proactively protect from cybersecurity threats.

partner message

IoT security begins with your Smart TV

https://chomar.link/smarttv

CHOMAR Smart TV Security.

Protect your Android Smart TV against malicious activities and use your IoT devices without any worries.

partner message

Stay ahead of threats with VirusTotal

https://www.virustotal.com/

Stay ahead of the next generation of threats and get relevant insights to solve

the most critical security challenges.

partner message

QI-ANXIN Technology Group Inc. Leader of New Generation Cybersecurity

https://ti.qianxin.com/marketing/vb2021/

QI-ANXIN Technology Group Inc. offers next generation enterprise-class cybersecurity products

and services to government and businesses. QI-ANXIN is the Official Cyber Security Services and

Anti-Virus Software Sponsor of the Olympic and Paralympic Winter Games Beijing 2022.

partner message

Do you like doing work that matters to you… and really frustrates the bad guys?

https://talosintelligence.com/careers

At Talos, our mission is to make the internet a safer place and fight the good fight for our customers

and users. If you think you have the expertise and attitude to help lead the world in cutting-edge security,

we’d like to talk.

partner message

Calling all Hackers!

https://www.ise.io/careers/#op-470256-hacker-midseniorprincipal

We are hiring mid-senior-principal level hackers!

Remote option • Flex schedule • Unlimited vacation • Opportunities for research and publication

partner message

Threat Intelligence and Cyber Resilience

https://vblocalhost.com/programme/#TIPS

Join the VB2021 Threat Intelligence Practitioners' Summit (TIPS), sponsored by the Cyber Threat Alliance,

and learn how investment in threat intelligence builds cyber resilience, allowing you to be more effective

when addressing today's dynamic threat landscape.

partner message

Amazon Information Security - come build the future with us!

https://www.amazon.jobs/en-gb/team/infosec

Do you want to work on privacy and security challenges at unprecedented scale?

We have Privacy and Information Security opportunities available now across

the United States, Dublin, Ireland, and Sydney, Australia.

Malware authors often take advantage of vulnerabilities in popular software and use other techniques to bypass security products like anti-virus, sandboxes and intrusion detection systems, and security researchers find ways to patch such bugs in products to make detection effective both statically and dynamically. There is a lot of research about anti-VM, anti-sandbox and bypassing AV products, but we haven’t seen much on the opposite side – that of finding bugs in malware which prevent the malware from spreading and infecting the system. Sometimes there are also bugs and coding errors in the malware code which cause the malware to crash and not serve its sole purpose. Such bugs can persist in malware families for a long time.

Through this research, we present multiple prevalent malware families which are crashing due to coding errors. We observed that sometimes malware doesn’t validate the output of a queried API or are unable to handle different types of C&C response. Authors often develop malware according to their local environment and don’t consider other techniques, e.g. ASLR, DEP, required to load modules in malware which cause them to crash.

To illustrate multiple bugs and coding errors in malware, we have performed a large-scale analysis of a data set of malicious samples that crashed in the Zscaler Cloud Sandbox. We collected such samples from late 2019 to March 2021 in the Zscaler Cloud. Furthermore, research & analysis is performed on multiple malware families showing crashes or running idle due to coding errors.

We will look at recent malware, botnets and ransomware with such different kinds of vulnerabilities and coding errors. We will also present a methodology to categorize malware families based on vulnerabilities and also detection in a cloud sandbox based on minimal activity before crash.

Got a question about this presentation? To get in touch with the speakers, contact Nirmal Singh by email on [email protected] or on Twitter at @nirmalbhary, or Uday Pratap Singh by email on [email protected] or on Twitter at @n33edusername.
Nirmal Singh
Zscaler

Nirmal Singh is Director of Security Research team at Zscaler ThreatLabZ located in Chandigarh, India. Nirmal has a Ph.D. in computer science and has been working in the threat research and analysis field for the past 11 years. He oversees malware research, detection and innovation at Zscaler. Prior to Zscaler, he worked with Norman as a manager for the threat response team.

Uday Pratap Singh
Zscaler

Uday Pratap Singh works in Zscaler ThreatLabZ as a staff security researcher. He has more than nine years of experience in the threat research field. He previously worked with CDAC as Project Engineer. His research area includes sandboxing, malware analysis, and developing tools for effective detection against malware. Uday holds a Bachelor's degree in computer science from Uttar Pradesh Technical University and is currently pursuing an M.Tech in data science from BITS, Pilani. Apart from threat research, Uday loves to play cricket and to watch movies.