Peeling The Layers Of Vawtrak

SecTor 2015

Presented by: Raul Alvarez
Date: Tuesday October 20, 2015
Time: 10:15 - 11:15
Location: 803
Track: Security Fundamentals

Vawtrak, also called NeverQuest, is a banking malware that targets banks and other financial institutions all over the world. It is a sophisticated malware that challenges the likes of Zeus and other malevolent trojans. Vawtrak has been seen to bypass 2FA, captured video and screenshots, and also form part of a big botnet infrastructure. Vawtrak is a very sophisticated malware not only in its malicious features, but also in its code. It uses a new modern technique called layering, similar to a Matryoshka doll, wherein the original malware produces another malware from within its binaries.


Raul Alvarez

Raul has been working at Fortinet since 2004 as a Senior Security Researcher/ AV Team Lead. He is also the Lead Trainer responsible for educating junior AV/IPS analysts in malware analysis and reverse engineering. He is a regular contributor to the company blog and the Virus Bulletin publication. Before he joined Fortinet, Raul was a Senior AntiVirus Engineer and an AntiVirus Trainer at TrendMicro Philippines. He was also an instructor at two major universities in the Philippines.

KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats