
Black Hat Europe 2012 is now a month away, and this year, Fortinet researchers are taking their place among the headliners with three presentations in the lineup.
“An Attacker’s Day Into Virology: Human vs Computer”: What do influenza and the Conficker worm have in common? A lot. Fortinet researchers Axelle Apvrille and Guillaume Lovet will delve into these questions in their presentation with a deep comparison of technical and biological virology. During their discussion, the researchers will examine virus behaviors such as infection methods and attack strategies, highlighting undeniable similarities, as well as significant differences, between the characteristics of malicious computer code and prolific human virus strains.
“Have you ever wondered how much those nasty biological viruses actually invented before Black Hats did? They surely invented brute-force attacks, polymorphism and time bombs, and yet, they never presented at BlackHat for this,” according to the briefing summary. “We intend to give them credit for some of their best attack scenarios.”
“Breeding Sandworms: How To Fuzz Your Way Out of Adobe Reader’s Sandbox”: Both Lovet and Fortinet researcher Zhenhua Liu will also take an in-depth look at Adobe Reader X and reveal exactly how they circumvented Adobe Reader’s sandboxing technology in their presentation.
“By leveraging some broker APIs, a policy flaw, and a little more, we were able to break free from Adobe’s sandbox,” the authors write in their summary.
Adobe’s sandbox, called Adobe Reader X Protected Mode, was introduced in July 2010 and is similar to sandboxing techniques in Google Chrome and Microsoft’s Practical Windows. Ideally, Adobe’s Protected Mode aims to greatly reduce, or prevent altogether, the installation of malware by containing malicious code inside infected PDFs. However, the current Adobe exploit relies on a vulnerability previously patched in September of last year, underscoring that Adobe’s sandbox is likely a flawed line of defense against major attacks on Adobe Reader X.
“The Kelihos Botnet”: In addition, Fortinet researcher Kyle Yang will give an overview and answer some burning questions regarding the Kelihos botnet during his presentation. The spam bot Kelihos, once thought to be defunct following a collaborative takedown in September of last year by Microsoft and Kaspersky Lab, was later resurrected and is still capable of sending copious spam. Among other things, Yang’s discussion will closely examine how the botnet’s p2p infrastructure has evolved and what new functionality we can expect to see from the revived attack going forward.
Black Hat Europe 2012 will be held at the Grand Krasnopolsky Hotel, in Amsterdam, Netherlands, March 14-16. You can see briefing schedules or more information on the Black Hat Europe 2012 website.








