Id-SIRTII/CC is the Indonesia National Computer Emergency Response Team
OUR AIMS
To support a good environment on Internet infrastructure in the country
To improve Internet security and encourage legal e-transactions in Indonesia.
Ali Syarief, Android Malware Operating System (Malware Analyst), Research & Development Dept., Id-SIRTII/CC
Andre Nurhanggoro (Simulation Lab), Research & Development Dept., Id-SIRTII/CC
Ravindo Tower 17th floor, Kebon Sirih No. 75, Central Jakarta 10340, Indonesia
P: +62 21 3192 5551 / info@idsirtii.or.id
OVERVIEW
APAC INTERNET USE OVERVIEW
DESKTOP OS MARKET SHARE
MALWARE
THE EVOLUTION OF MALWARE
MALWARE CATEGORY
Category     Description
-            (preferably binary) but invites attacker
-            Capability of spreading on its own
-            Exploits a vulnerability in the app
ROOT-KIT     Hides the actual malware from system information
SPYWARE      Spies on the user's habits and data and sends it out
PHISHING     A website made to mimic an existing website
SPAM         Sending unwanted emails
BOTS         Code in a command-and-control network used to launch DDoS attacks and other malicious operations
TYPICAL TARGET ATTACK
MALWARE ANALYSIS
Workflow of the Id-SIRTII/CC Malware Lab
WHY ANALYSE MALWARE
Incident Response
Vulnerability
Attack trends and Threat Evaluation
Penetration Test
Computer Forensics
Find new signatures
ATTACK AREA WINDOWS
Malware Analysis Method
ANALYSIS TOOLS
Surface Analysis: TrID
Runtime Analysis: Regshot
CFF Explorer, PE & PM, BinText, Wireshark
Static Analysis: OllyDbg, IDA Pro