Mexican Chapter - Chapter Status Report For 2014

Hugo Gonzalez: Chapter lead, Android malware
Rafael Llamas: Awareness and training programs
Francisco Ordaz: Awareness program
Armin Garcia: Contributor, Network Security
In participation with the Canadian Chapter we have:

  • Conpot honeypot
  • Tomcat honeypot

These two honeypots have not yet produced any interesting information. A short history of the Tomcat honeypot: we had a Tomcat server compromised at UNB. After forensic analysis we could not determine how the attackers got in, so we set up a similar server and waited for the attackers. They never came, so our belief is that the password of the compromised server was the problem.
Based on a published paper, we have a service in beta for Android malware similarity detection. [1]
There are some tools to help with Android malware analysis; the code will be released after Stavanger.
None of the projects is open source yet, but we usually post reports about the Android malware we analyze on a personal blog.
Hugo Gonzalez attended the 2014 Workshop in Warsaw and gave a fast talk about Androguard and DroidBox.
* We had a student paper accepted at a Latin American conference, CONCAPAN 2014. It is in Spanish; the title translates as “Comparative analysis of banking malware”. [2]
* We are collaborating with the local police on cyber security awareness and forensic investigations.
In participation with the Canadian Chapter we have the following paper:
* DroidKin: Lightweight Detection of Android Apps Similarity [3]

* About the evolution of botnets and malware on Android. Hugo Gonzalez will be presenting at the 2015 Workshop in Stavanger.
* About the level of reused code in general in the Android ecosystem. Almost 50% of the apps analysed contain code from the Android Framework or well-known libraries and ad SDKs.
* In 2014 we engaged with other chapters to do research on Android malware.
* In 2015 we will release the code for the tools that help with Android malware analysis. We will incorporate more contributors and/or members this year.
* Discussions with other members about Android Malware and IPv6 security in the 2014 workshop in Poland.
* Mentoring projects for GSoC 2015.