Operation Windigo is a large server-side malware campaign that targets Unix systems (BSD, Linux, etc.). Its operators control more than 25,000 compromised servers. Every day, they use this infrastructure to redirect more than 500,000 end-users to malicious content and send more than 35M spam messages. This talk will cover what we have done and what we have found throughout our investigation of this operation. We will also look at the tools and techniques we used, how organized and automated the malicious infrastructure is and their various network evasion techniques. Attend our talk to understand how traditional on-disk forensics isn’t sufficient to detect and investigate these types of threats. You will learn to react to them by doing live system forensics with standard Linux utilities.
October 22, 2014 | Tech 2 (801a) | 14:40 – 15:40