Last week Ero Carrera and I spoke at Source Barcelona. As I mentioned previously on this blog we were both very excited to give this talk. The talk went very well! We could not have asked for a better audience. The conference itself was also a blast, and I recommend Barcelona to anyone and everyone.
We've gotten around to uploading the slides. They include all the statistics we came up with for this talk. When you review the slides take a look at slide 16 "Complexity of Mydoom" and slide 17 "Complexity of Kraken." These two slides depict control flow graphs of the popular malware Craken and MyDoom. Notice how much functionality is crammed into these binaries. As an Anti Virus company that's a lot of data and bytes to work with to generate a successful signature.
Now look at slide 44 "Sample BA", it's the control flow graph of an APT sample. Notice some differences? Our hope is this talk gets people thinking about the different types of threats, different malware families make to organizations, as well as the clear differences between APT and mass malware.