Lastline Labs

Dr. Christopher Kruegel

Currently on leave from his position as Professor of Computer Science at UC Santa Barbara, Christopher Kruegel’s research interests focus on computer and communications security, with an emphasis on malware analysis and detection, web security, and intrusion detection. Christopher previously served on the faculty of the Technical University Vienna, Austria. He has published more than 100 peer-reviewed papers in top computer security conferences and has been the recipient of the NSF CAREER Award, MIT Technology Review TR35 Award for young innovators, IBM Faculty Award, and several best paper awards. He regularly serves on program committees of leading computer security conferences. Christopher was the Program Committee Chair of the Usenix Workshop on Large Scale Exploits and Emergent Threats (LEET, 2011), the International Symposium on Recent Advances in Intrusion Detection (RAID, 2007), and the ACM Workshop on Recurring Malcode (WORM, 2007). He was also the head of a working group that advised the European Commission (EC) on defenses to mitigate future threats against the Internet and Europe's cyber-infrastructure.
Find me on:

Recent Posts

Three interesting changes in malware activity over the past year

Posted by Dr. Christopher Kruegel on 3/31/16 5:00 AM

Every day, our Lastline sensors observe millions of files that our customers download from the Internet or receive as email attachments. These files are analyzed and, in many cases, executed or opened inside our sandbox. The sandbox is a secure, instrumented analysis environment where we can safely look for interesting behaviors that indicate bad intentions and outright malice. 

Every once in a while, we take a step back and look at the malicious behaviors that we have seen. Malware authors always look for new ways to make money, get access to sensitive data, and evade detection. They introduce new behaviors, refine ideas that they have tried in the past, and add tricks to bypass security controls. By looking over the data collected over the last year, we discovered a few interesting trends that show some of the directions that malware authors take. In this research note, we discuss three findings that struck us as interesting and worth reporting. As a forth bonus item, we also revisit evasive behaviors, something that we have been tracking for many years.

Read More

Topics: Evasive Malware, Bank Malware, Lastline Labs, Banking Trojan, Browser Modification, Code Signing

Labs Report at RSA: Evasive Malware’s Gone Mainstream

Posted by Dr. Christopher Kruegel on 4/21/15 10:00 AM

This afternoon at the RSA Conference in San Francisco, I will present on “Evasive Malware: Exposed and Deconstructed.” During that presentation, I’ll lead a discussion around the dramatic growth of evasive malware, the increasingly sophisticated behaviors observed in the past year, and what that means for enterprise security professionals and the processes, tools and techniques that they use to protect their organizations.

Read More

Topics: Evasive Malware, Malware Analysis, NGO, Antivirus Detection Rates, RSA 2015

Carbanak Malware — Ninety Five Percent Exhibits Stealthy or Evasive Behaviors

Posted by Dr. Christopher Kruegel on 2/19/15 12:00 PM

We’ve talked a lot about the increasing sophistication of malware and the serious threats it poses. But it’s rare to be able to analyze malware that is evasive or stealthy and has already been deployed in the wild to carry out cybercrime without being detected by in-place security systems for months.

From the Security Analyst Summit in Cancun this week, Kaspersky Labs published a report detailing a bank heist purported to rake in as much as $1 billion since late 2013 from banks around the world using a series of sophisticated attacks that may still be underway.

According to Kaspersky, Carbanak malware was deployed to infiltrate banks, take over ATMs, adjust balances and transfer funds via remote access. To better understand how the malware used in these attacks evaded detection by traditional security technology for so long, we took a closer look at all of the 74 Carbanak malware samples available to us through VirusTotal (nearly 70% of those listed in the report).

Read More

Topics: Evasive Malware, Bank Malware, Carbanak, Kaspersky Labs

How To Build An Effective Malware Analysis Sandbox

Posted by Dr. Christopher Kruegel on 3/26/14 5:53 PM

Automated malware analysis systems (or sandboxes) are one of the latest weapons in the arsenal of security vendors. Such systems execute an unknown malware program in an instrumented environment and monitor their execution. While such systems have been used as part of the manual analysis process for a while, they are increasingly used as the core of automated detection processes. The advantage of the approach is clear: It is possible to identify previously unseen (zero day) malware, as the observed activity in the sandbox is used as the basis for detection.

Read More

Topics: Malware Analysis Sandbox

Subscribe to Email Updates