Mexican Chapter - Chapter Status Report For 2014

ORGANIZATION:
Hugo Gonzalez : Chapter lead, Android malware
Rafael Llamas : Awareness and training programs
Francisco Ordaz : Awareness program
Armin Garcia : Contributor, Network Security
 
DEPLOYMENTS:
In participation with the Canadian Chapter we have:

  • Conpot honeypot
  • Tomcat honeypot

From these two honeypots, we do not have interesting information yet. Short history of the Tomcat honeypot: we had a Tomcat server compromised at UNB. After forensic analysis we could not determine the attackers' point of entry, so we set up a similar server and waited for the attackers. That never happened, so our belief is that the password of the compromised server was the problem.
 
Based on a published paper, we have a service in beta for Android malware similarity detection. [1]
There are some tools to help with Android malware analysis; the code will be released after Stavanger.
 
RESEARCH AND DEVELOPMENT:
 
None of the projects is open source yet, but we usually post reports about analyzed Android malware on a personal blog: http://asrevni.blogspot.ca/
 
PAPERS, PRESENTATIONS AND COMMUNITY ENGAGEMENTS:
 
* Hugo Gonzalez attended the 2014 Workshop in Warsaw and gave a fast talk about Androguard and DroidBox.
* We had a student paper accepted at a Latin American conference, CONCAPAN 2014; it is in Spanish. The translated title is: “Comparative analysis of banking malware” [2]
* We are collaborating with the local police on cyber security awareness and forensic investigations.
In participation with the Canadian Chapter we have the following paper:
* DroidKin: Lightweight Detection of Android Apps Similarity [3]
 

FINDINGS:
 
* About the evolution of botnets and malware in Android. Hugo Gonzalez will be presenting at the 2015 Workshop in Stavanger.
* About the level of reused code in general in the Android ecosystem. Almost 50% of the apps analysed contain code from the Android Framework or well-known libraries and ad SDKs.
 
GOALS:
 
* In 2014 we engaged with other chapters to do research on Android malware.
* In 2015 we will release the code for the tools that help with Android malware analysis. We will incorporate more contributors and/or members this year.
 
MISC:
* Discussions with other members about Android malware and IPv6 security at the 2014 workshop in Poland.
* Mentoring projects for GSoC 2015.
 
[1]  http://ge128m22.cs.unb.ca/droidkin/
[2] http://dx.doi.org/10.1109/CONCAPAN.2014.7000412
[3] www.researchgate.net/profile/Hugo_Gonzalez/publication/266327670_DroidKin_Lightweight_Detection_of_Android_Apps_Similarity/links/54c25faa0cf256ed5a8cd690.pdf