Automated Malware Similarity Analysis

DEF CON 17

Presented by: Logan Lodge
Date: Friday July 31, 2009
Time: 17:00 - 17:20
Location: Turbo/Breakout Track
Track: Turbo/Breakout

While it is fairly straightforward for a malware analyst to compare two pieces of malware for code reuse, it is not a simple task to scale to thousands of pieces of code. Many existing automated approaches focus on runtime analysis and critical trait extraction through signatures, but they don't focus on code reuse. Automated code reuse detection can help malware analysts quickly identify previously analyzed code, develop links between malware and its authors, and triage large volumes of incoming data.

Daniel Raygoza

Daniel Raygoza is employed with General Dynamics at the Department of Defense Cyber Crime Center (DC3) Computer Forensics Laboratory (DCFL) as a Forensic Examiner, where he has worked for six years. He performs system forensics, incident response, malware analysis and reverse engineering, and R&D in support of his fellow analysts. He has presented several times at the DC3 Cyber Crime Conference, and has released several small tools for use by the forensics community.
