"Over the past year, Trustwaves SpiderLabs malware team has been continually reminded why we love our jobs-we get to play with malware. But not just any malware. No, we get to reverse engineer and analyze malware from targeted incident response cases. This opportunity allows us to see what criminals are doing at a very intimate level. Now before you ask, no, Im not saying we call them up and take them out to a romantic dinner. What I mean is that we get to see what actual criminals are doing at real businesses that have been compromised. In addition, these samples are often quite unknown, and in almost all cases, undetected by a large number of antivirus solutions. This presentation hopes to inform others about some of the more interesting malware samples weve seen in the past year. Techniques regarding what data is being targeted, how this data is extracted, exfiltrated, and in many cases, encrypted will be discussed. Additionally, we'll take the information gleaned from these samples along with other data gathered to profile these attackers. Are these attacks really the result of state-sponsored super spies that everyone reads about in the news? Or, is it simply the result of people finding tools on local underground forums that get lucky while performing a scan against a public /8 ? Since a number of confidential samples will be discussed, a number of precautions will be taken. Client names will not be discussed, and the samples themselves may be modified to protect the innocent and not tip off the guilty. While this is a necessary evil, the overall core concepts to the samples will remain intact, and you will leave the presentation knowing a bit more about the technical aspects of malware used in successful compromises, along with insight into the people running them."