From 12.00 until 13.30
At ETH Zurich, CNB/F/110
Universitätstrasse 6, 8092 Zurich
Abstract
- MELBL (MELANI Botnet List): The MELANI botnet list contains botnet IPs/domains which we extract from malware binaries/configs or which we receive from other partners. Different ISPs block the listed C&Cs via a BGP feed or on their security gateways.
- MalDB: The malware database is filled by MELANI, and we inform infected website owners or their ISPs.
- PhishDB: We run the website antiphishing.ch, take down (where possible) the phishing sites and provide blocking lists for ISPs, Google, Microsoft etc.
- IDS Feed: We offer a Suricata/Snort feed for the above-mentioned lists.
- DroneDB: Different sinkhole providers send us their logs; we normalize the logs and inform the ISPs or the affected companies or citizens.
- Web crawler: We have developed a web crawler that searches for infected CH websites. If the crawler finds any infected domains, we put them in the malware database.
- Malvertising: Different CH newspaper agencies were distributing malware in 2015/2016. We will show how the infection chain worked, how we were involved and what we have developed to recognize such infections.
- Incident response and malware analysis in the RUAG espionage case: We will briefly pinpoint a few interesting facts about the security response in the RUAG case and give a short introduction to the malware used by the attacker group.
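As an added illustration of how a list like MELBL becomes the Suricata/Snort IDS feed mentioned above (this is example code written for this page, not MELANI's own tooling): it parses a constructed C&C list of IPs, CIDR prefixes and domains, sets aside malformed entries for review instead of silently dropping them, and emits one Suricata rule per indicator. The SID range, `$HOME_NET`, and the `dns.query`/`endswith` keywords (Suricata 5 or later) are assumptions; Snort's DNS matching syntax differs and is not covered.

```python
"""Turn a constructed MELBL-style C&C list into Suricata rules (added example, not MELANI tooling)."""
import ipaddress
import re

# Constructed sample in the shape the abstract describes: one IP, CIDR or domain per line,
# '#' comments allowed. Documentation ranges only; not real MELANI data.
SAMPLE_LIST = """\
# constructed sample botnet C&C list
198.51.100.23
203.0.113.0/24
cnc.example.net
BAD-Host.example.org
not a valid entry
"""

# Hostname check: dotted labels of letters/digits/hyphens, alphabetic TLD, 253 chars max.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def parse_list(text):
    """Split the list into (ip_networks, domains, rejected); rejected lines are kept for review."""
    ips, domains, rejected = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
            # Plain hosts as bare addresses, real prefixes in CIDR form.
            ips.append(str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net))
            continue
        except ValueError:
            pass
        if DOMAIN_RE.match(line.lower()):
            domains.append(line.lower())
        else:
            rejected.append(line)
    return ips, domains, rejected


def suricata_rules(ips, domains, base_sid=9000000):
    """Emit one Suricata rule per indicator; SIDs are allocated from base_sid (assumed free range)."""
    rules, sid = [], base_sid
    for net in ips:
        # Any internal host talking to a listed C&C address or prefix.
        rules.append(
            f'alert ip $HOME_NET any -> {net} any '
            f'(msg:"MELBL C&C IP contact {net}"; classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
        sid += 1
    for d in domains:
        # DNS lookups of the domain or any subdomain (endswith on the dns.query buffer).
        rules.append(
            f'alert dns $HOME_NET any -> any any '
            f'(msg:"MELBL C&C domain lookup {d}"; dns.query; content:"{d}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
        sid += 1
    return rules


if __name__ == "__main__":
    ips, domains, rejected = parse_list(SAMPLE_LIST)
    print("\n".join(suricata_rules(ips, domains)))
    for bad in rejected:
        print(f"# rejected: {bad!r}")
```

The `endswith` match means a lookup for `www.cnc.example.net` also fires, which is usually what a blocklist consumer wants; if exact matches are required, drop `endswith` and anchor with `startswith` as well. Rejected lines are returned rather than discarded so that a feed consumer can see when an upstream list changes format.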
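The DroneDB step described above, as an added example that is not part of the original abstract: it reads two constructed sinkhole log formats (a hypothetical CSV provider and a hypothetical JSON-lines provider), normalizes them to one record shape, drops duplicate hits and unparsable addresses, and groups the result by ISP using a constructed prefix table that stands in for a real routing or ASN lookup. Provider names, field names and the prefix table are all assumptions.

```python
"""Normalize sinkhole logs from two constructed provider formats and group hits by ISP."""
import csv
import io
import ipaddress
import json
from datetime import datetime, timezone

# Constructed samples in two hypothetical provider formats; not real sinkhole data.
PROVIDER_A_CSV = """\
timestamp,src_ip,src_port,family
2016-05-10T08:15:02Z,198.51.100.7,51234,Dridex
2016-05-10T08:15:09Z,203.0.113.45,40022,Gozi
2016-05-10T08:15:02Z,198.51.100.7,51234,Dridex
"""

PROVIDER_B_JSONL = """\
{"ts": 1462868200, "ip": "198.51.100.200", "malware": "tinba"}
{"ts": 1462868260, "ip": "not-an-ip", "malware": "tinba"}
"""

# Constructed prefix -> ISP table standing in for a real routing/ASN lookup.
ISP_PREFIXES = {
    ipaddress.ip_network("198.51.100.0/24"): "ISP-Alpha",
    ipaddress.ip_network("203.0.113.0/24"): "ISP-Beta",
}


def _record(ts, ip, family, provider):
    """Build one normalized record, or None if the source IP is not a valid address."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return None
    return {
        "ts": ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "src_ip": str(addr),
        "family": family.strip().lower(),
        "provider": provider,
    }


def normalize_provider_a(text):
    """Provider A: CSV with an ISO-8601 UTC timestamp column."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        rec = _record(ts, row["src_ip"], row["family"], "A")
        if rec:
            out.append(rec)
    return out


def normalize_provider_b(text):
    """Provider B: JSON lines with a Unix epoch timestamp."""
    out = []
    for line in text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        ts = datetime.fromtimestamp(int(obj["ts"]), tz=timezone.utc)
        rec = _record(ts, obj["ip"], obj["malware"], "B")
        if rec:
            out.append(rec)
    return out


def dedupe(records):
    """Drop repeated (timestamp, source IP, family) hits; keep first-occurrence order."""
    seen, out = set(), []
    for r in records:
        key = (r["ts"], r["src_ip"], r["family"])
        if key not in seen:
            seen.add(key)
            out.append(r)
    return out


def lookup_isp(ip):
    """Longest-prefix match against the constructed table; 'unknown' if nothing matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, isp in ISP_PREFIXES.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, isp)
    return best[1] if best else "unknown"


def group_by_isp(records):
    """Map ISP name -> list of normalized records to be reported to that ISP."""
    groups = {}
    for r in records:
        groups.setdefault(lookup_isp(r["src_ip"]), []).append(r)
    return groups


def build_report():
    """Full pipeline over the constructed samples: normalize, dedupe, group."""
    records = normalize_provider_a(PROVIDER_A_CSV) + normalize_provider_b(PROVIDER_B_JSONL)
    return group_by_isp(dedupe(records))


if __name__ == "__main__":
    for isp, hits in build_report().items():
        print(isp, len(hits), sorted({h["family"] for h in hits}))
```

Hits that land in the `unknown` group are the ones to inspect by hand before any notification goes out; a sinkhole log carrying a source address that a real prefix table does not cover usually points at a gap in the table rather than at a new network.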