Everyday there are new pieces of malware discovered in the wild. But rarely do you get to discuss the findings with security analysts from the company that first identified it in the wild. IDAT Loader is a new piece of malware designed to be executed via a combination of drive by attacks, JavaScript, compromised software packages, and some social engineering to trick potential victims into engaging with it. Its’ payloads vary but are traditionally info stealer or backdoor malware.
In this exciting Real Training for Free session, for the first time ever we’ll take a look at a newly-discovered malware family and the attack methods used, diving into the details with security researchers from the company that discovered it.
Up first, 4-time Microsoft MVP, Nick Cavalancia takes my seat as he first discusses the role of social engineering in similar attacks to those associated with the IDAT Loader. He’ll also discuss some of the more common obfuscation techniques used to allow loaders to avoid detection by security solutions.
Up next, we’ll hear from Thomas Elkins, Malware Analyst, and Evan McCann, Associate Detection & Response Analyst – both from Rapid7. They will discuss the delivery method pertaining specifically to users being lured into downloading fake browser updates and how this has led to the execution of the IDAT Loader. They will then discuss what makes the IDAT Loader so sophisticated and difficult for A/V to detect. They will also demonstrate how the IDAT Loader decrypts the final payload and injects itself.
Up first, Evan will present his findings on how the attack utilizes java scripts within compromised websites that leads to the users downloading the Fake Update binaries. Then Tom will present various versions of the IDAT Loader, providing a hands-on example of the IDAT loader version that utilizes DLL search order hijacking and show how to extract the final payload.
This Real Training for Free session will be chock full of real-world application! Register now!