Trojans And Botnets And Malware, Oh My! (Bof It!)


Presented at ShmooCon 2006 by

In 2003, the concept of the age-old megavirus changed. Agobot, Sasser, Berbew, Haxdoor, Mitglieder, and many more that some will never hear about have been flying across IDS systems for the past two years. This type of malicious software contains certain unique elements and arrives in multiple variants, enabling more clandestine activity and prolonging its effective lifespan by thwarting detection by AV vendors. Can reasonable (or practical) counter-measures be built? Signature updates are pointless against most of these variants, as the sheer number of variants overwhelms resources and AV vendors have become "worn-out bandages". This BoF session will focus on aggressive network defense and practical counter-malware techniques, including building auto-analysis methods and automated reverse-engineering, to enable incident response teams not only to prevent malware, but to understand and mitigate the impact that these "fraud-focused" trojans inflict by compromising their client-side customers.

Lance James is the Chief Technology Officer of Secure Science Corporation (SSC), a company dedicated to providing advanced technology solutions to the data security market segment. He frequently lectures at educational institutions throughout the San Diego area on "Security & Cryptography in Data Communications", and heads SSC's Global Surveillance Center (GSC) and External Threat Assessment Team (ETAT), which focuses specifically on forensics that enable the tracking of phishers. Additionally, Lance is the creator of InvisibleNet, a distributed pseudonymous framework for real-time communication on the internet. In his off-time, he reads, analyzes protocols, plays music, and enjoys life with his family in Southern California. Lance is finishing up his first book for Syngress Publishing, entitled 'Phishing Exposed'.