TrendLabs Security Intelligence Blog

Author Archive - Maharlito Aquino and Benson Sy (Threats Analysts)




This year, we had the privilege of attending the 21st Virus Bulletin International Conference in Barcelona, Spain.

Researchers from Trend Micro presented three topics in the corporate stream and one topic in the technical stream. Ethan YX Chen covered file-fraction reputation for the technical stream on day 1. For the corporate stream on day 2, Max Goncharov presented on traffic direction systems as malware distribution tools, while David Sancho and Rainer Link talked about the lessons they learned while sinkholing botnets. Trend Micro global director of education David Perry talked about the missing metrics of malware.

Among the different topics presented at this conference, we got hooked on those in the technical stream. Here’s a rundown of what we found particularly interesting.

A Mobile Malware Jail

The presentation entitled “An OpenBTS GSM Replication Jail for Mobile Malware,” by Axelle Apvrille, discussed the challenges security researchers face when analyzing mobile threats.

As she said, the golden rule of antivirus is not to spread any malware that we are analyzing. However, when testing malware, it is sometimes necessary to let a sample connect to the Internet or to other networks during analysis in order to verify or analyze its routines. This is easier to do with malware affecting computers, since it is easy to isolate them from the Internet and still observe what they do. Mobile malware, however, is not as easy to confine: there are no wires to unplug in order to cut it off while analyzing it.

Since we don’t want to risk infecting our co-workers’ smartphones while analyzing mobile malware, we need a way to analyze it effectively without putting other users at risk.

Ms. Apvrille’s solution is to create a dummy GSM service operator. This is a cheaper solution than building a Faraday cage, but it is just as effective at confining the malware. It uses OpenBTS, an open source, Unix-based application, together with a Universal Software Radio Peripheral (USRP) device. How cheap is cheap? Around US$1,000. Still expensive, but we believe this is a good investment for antivirus companies given the growing number of mobile malware.


© Copyright 2013 Trend Micro Inc. All rights reserved.