The goal of mass malware is to successfully run on as many different platforms and applications as possible. The goal of 0-day malware is to exploit a narrow set of hosts.
In recent 0-day attacks against Adobe Flash Player and Adobe Reader, we have observed exploits combining the features of mass malware -- obfuscation and complexity -- with the quality that makes up a successful 0-day exploit: one or more heretofore unpatched vulnerabilities in an application.
In this talk we will discuss Adobe's response to such attacks that use "mass-customized" malware. We will detail the features that herald these attacks as the start of a new trend of exploitation, using four recent 0-day vulnerabilities as case studies. We will reflect on the relative success of sandboxing in the context of these attacks and, in addition, explain how we adapted our security response strategies to meet this new trend of exploitation.
ABOUT PELEUS UHLEY
Peleus Uhley is the Platform Security Strategist within Adobe's Secure Software Engineering Team (ASSET). His primary focus is advancing Adobe's Secure Product Lifecycle (SPLC) and assisting with incident response within Adobe platform technologies, including Flash Player, ColdFusion and AIR. Prior to joining Adobe, Peleus started in the security industry as a developer for Anonymizer, Inc., and went on to be a security consultant for @stake and Symantec.
ABOUT KARTHIK RAMAN
Karthik Raman is a security researcher on the Adobe Secure Software Engineering Team (ASSET), where he focuses on vulnerability analysis and technical collaboration with industry partners. Before joining Adobe, Karthik was a research scientist at McAfee Labs, where he worked on threat analysis, building automation systems, malware analysis, and developing advanced antimalware technology. Karthik holds a Master of Science degree in Computer Science from UC Irvine and Bachelor of Science degrees in Computer Science and Computer Security from Norwich University.
Uploader: Hack In The Box Security Conference