END-TO-END ANALYSIS OF A DOMAIN GENERATING ALGORITHM MALWARE FAMILY

A number of malware families have used Domain Generating Algorithms (DGAs) over the past few years to evade traditional domain blacklists, allow rapid domain registration and turnover (fast-flux style), and make it harder for analysts to predict the attackers' control servers in advance. While novel work has been done by both private industry and academia on detecting DGA-related network traffic, this presentation demonstrates end-to-end analysis of one DGA malware family: binary deobfuscation, recovery and analysis of the DGA itself, sinkholing of the generated domains, research into the domain registrants, and finally attribution of the malware's author and accomplices.
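To make the "DGA analysis" and "sinkholing" steps concrete, the following is an added example (written for this page, not code from the talk, and not the algorithm of the family it discusses). It reimplements a small, hypothetical date-seeded DGA of the kind an analyst recovers from a deobfuscated binary, pre-computes the domains the malware will query on upcoming days (the list a defender would register or sinkhole), and runs a simple entropy/vowel-ratio heuristic over a few constructed DNS query log lines to show the network-side detection the abstract refers to. The seed constant, TLD list, thresholds and log format are all assumptions.

```python
import hashlib
import math
import re
from collections import Counter
from datetime import date, timedelta

# Hypothetical DGA, constructed for this example. It is NOT the algorithm of
# the malware family discussed above. Real DGAs differ in seed source (date,
# hardcoded key, trending topics, ...) and in how labels are built, but the
# analyst's goal is the same: reimplement it exactly so future domains are
# known before the malware asks for them.
MAGIC = b"example-seed"        # assumed constant; in real samples recovered from the binary
TLDS = ["com", "net", "org"]   # assumed TLD set

def dga(day: date, count: int = 5) -> list[str]:
    """Return the deterministic list of candidate C2 domains for one day."""
    domains = []
    for i in range(count):
        h = hashlib.sha256(MAGIC + day.isoformat().encode() + bytes([i])).digest()
        length = 10 + h[0] % 6                      # labels of 10..15 chars
        label = "".join(chr(ord("a") + b % 26) for b in h[1:1 + length])
        domains.append(f"{label}.{TLDS[h[31] % len(TLDS)]}")
    return domains

def upcoming_domains(start: date, days: int) -> set[str]:
    """Domains the malware will query over `days` days from `start`.
    This is the list an analyst hands to a registrar or sinkhole operator."""
    out: set[str] = set()
    for n in range(days):
        out.update(dga(start + timedelta(days=n)))
    return out

def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_dga(domain: str, entropy_min: float = 3.0, vowel_ratio_max: float = 0.25) -> bool:
    """Cheap heuristic for algorithmically generated labels: long, high entropy,
    few vowels. Thresholds are assumed; tune against your own traffic, and treat
    hits as leads for analysis, not as proof on their own."""
    label = domain.split(".")[0]          # simplification: leftmost label only
    if len(label) < 8:
        return False
    vowels = sum(label.count(v) for v in "aeiou")
    return shannon_entropy(label) >= entropy_min and vowels / len(label) < vowel_ratio_max

# Constructed DNS query log: "<timestamp> <client> <qtype> <qname>".
LOG = """2024-05-01T10:00:01 10.0.0.5 A www.example.com
2024-05-01T10:00:02 10.0.0.5 A xkqzvbtnwpjr.net
2024-05-01T10:00:03 10.0.0.7 A mail.google.com
2024-05-01T10:00:04 10.0.0.5 A hjwxqzplvktbnmd.com
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def flag_queries(log_text: str) -> list[tuple[str, str]]:
    """Return (client, domain) pairs whose query name looks DGA-generated."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _ts, client, _qtype, qname = m.groups()
        if looks_dga(qname):
            hits.append((client, qname))
    return hits

if __name__ == "__main__":
    today = date(2024, 5, 1)
    print("today's candidates:", dga(today))
    print("next 7 days to sinkhole:", len(upcoming_domains(today, 7)), "domains")
    print("flagged queries:", flag_queries(LOG))
```

Note that the heuristic half of this example is deliberately crude: once the real DGA has been recovered, exact matching against `upcoming_domains()` is far more reliable than any statistical test, which is why the binary deobfuscation step comes first in the workflow described above.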

The malware family discussed in this presentation has thousands of active variants currently running on the Internet and has managed to stay off the radar of antivirus firms. This presentation will show how this malware is tied to an underground campaign that has been active for at least the past six years.

Presented by