Some malicious software is designed to avoid infecting a system more than once by checking for predefined infection markers. Incident responders can vaccinate endpoints against such malware families by distributing the corresponding markers across the enterprise. The vaccines can take the form of specific registry keys, file names, mutex objects, and so on. Incident responders and threat hunters already know to treat such artifacts as indicators of compromise (IOCs). Vaccination uses some of these IOCs not only to detect infections but also to prevent them. This webinar will show how analysts can derive potential infection markers by examining malware. It will also examine the potential and limitations of vaccination and will explore several samples that could be controlled using this technique.
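As an added illustration that is not part of the webinar, the following PowerShell sketch plants the three marker types mentioned above on a Windows endpoint and checks that they are present. Every marker name is a placeholder, since real vaccine values come from analysis of the specific malware family.

```powershell
# Added example, not from the webinar. All marker names below are PLACEHOLDERS;
# the real values are derived from analysing the malware family being vaccinated against.
$RegistryPath = 'HKLM:\SOFTWARE\PLACEHOLDER_VENDOR'      # assumed registry key
$RegistryName = 'Installed'                               # assumed value name
$MarkerFile   = Join-Path $env:ProgramData 'PLACEHOLDER_MARKER.dat'
$MutexName    = 'Global\PLACEHOLDER_MUTEX'                # assumed mutex name

function Install-RegistryVaccine {
    # The malware's "already installed" registry check finds this value and backs off.
    New-Item -Path $RegistryPath -Force | Out-Null
    New-ItemProperty -Path $RegistryPath -Name $RegistryName -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

function Install-FileVaccine {
    # An empty, read-only marker file; only the name matters to the malware's check.
    New-Item -ItemType File -Path $MarkerFile -Force | Out-Null
    Set-ItemProperty -Path $MarkerFile -Name IsReadOnly -Value $true
}

function Install-MutexVaccine {
    # A named mutex exists only while some process holds a handle to it, so this
    # must run from a long-lived context (service or scheduled task) to be effective.
    $created = $false
    $mutex = New-Object System.Threading.Mutex($true, $MutexName, [ref]$created)
    if (-not $created) {
        # Someone else already owns the marker: possibly the malware itself.
        Write-Warning "Mutex $MutexName already exists; check whether this host is infected."
    }
    return $mutex   # caller keeps this object alive; disposing it removes the marker
}

function Test-Vaccine {
    # Compliance check: report which markers are currently present on the host.
    $existing = $null
    [PSCustomObject]@{
        Registry = $null -ne (Get-ItemProperty -Path $RegistryPath -Name $RegistryName -ErrorAction SilentlyContinue)
        File     = Test-Path -Path $MarkerFile
        Mutex    = [System.Threading.Mutex]::TryOpenExisting($MutexName, [ref]$existing)
    }
    if ($existing) { $existing.Dispose() }
}

Install-RegistryVaccine
Install-FileVaccine
$heldMutex = Install-MutexVaccine
Test-Vaccine
```

Run elevated; the mutex marker persists only while `$heldMutex` is alive, so a production deployment would run this from a service or scheduled task rather than an interactive session.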
Tune into this educational webinar to learn about the potential of malware vaccination and expand your perspective on the role of malware analysis in the context of incident response and threat hunting. The session will be conducted by Lenny Zeltser, who has co-authored and teaches FOR610: Reverse-Engineering Malware at SANS and builds anti-malware products at Minerva Labs!