Internet Commerce Security Laboratory (ICSL)

Talk by Jon Oliver at the JCSC

Posted: Thursday 21 February 2019

At the end of 2018, ICSL signed on to become a partner with the Melbourne Joint Cyber Security Centre (JCSC), a node of National Cyber Security (ACSC). The partnership allows ICSL to collaborate with ACSC, AFP, ASD and DSTG, and provides access to the centre.

ICSL hosted its first event at the JCSC on the 13th of February to launch the Malware and Reverse Engineering Conference, with guest speaker Jon Oliver of Trend Micro presenting a talk entitled “Current Trends in Malspam”. The event was well attended by ICSL industry partners and guests invited by the JCSC.

Jon’s talk provided a clear explanation of how malspam is used to infect large numbers of users with malware. Malspam is widely distributed as attachments on unsolicited emails. These emails attempt to present compelling reasons for the targeted user to open the attachment. Malspam attachments are obfuscated scripts that download malware from the internet. These scripts are often delivered as Office documents with malicious macros or PDF files with executable JavaScript. When these scripts are executed, the obfuscated code is commonly decoded into PowerShell scripts. Malicious PowerShell scripting techniques have been developed for what is referred to as fileless malware. The fileless malware technique allows malware to be downloaded and executed without being directly written to the file system. Where persistence is required, fileless malware may be written to the Windows registry.

Jon gave the TrickBot malware as an example of modern information-stealing malware that is distributed as malspam. TrickBot was first identified in 2016 and had one information-stealing module. TrickBot development has continued since 2016, and a large number of modules are now available for criminal purposes.

Following on from Jon’s talk, three of ICSL’s current PhD students spoke about their research. Ansam Khraisat spoke about her research, which involves building a comprehensive view of cybersecurity status by integrating alerts from disparate sources. Md Monirazzaman spoke about his research, which uses machine learning techniques to detect webinjects in internet banking sessions. Paul Black spoke about the development of command and control emulators that allow historical malware samples to be executed for research purposes.

Following the seminar, an informal session was held to allow networking between the participants.

Contact Kylie Turville
Administrative Officer
03 53276574
k.turville@federation.edu.au