Locky, Dridex, Necurs: the evil triad

While Locky and Dridex inner working are well understood as they have been on the news all year long, how their distribution system operate is still relatively unknown as it is only seen by email providers.
In this talk we lift the curtain and present how Locky, Dridex, and Necurs their distributing botnet look like from the Gmail perspective. We will outline the key techniques and protocols that those gangs are using in an attempt to evade detection and orchestrate their campaigns. We will conclude by showcasing a selection of the techniques used in their droppers which illuminate how proficient those groups have become at exploiting Javascript quirks.

Print Friendly, PDF & Email