blog socialpreso (1)

Blogging and Social Media San Francisco, Jan. 9, 2014 Crushes malware. Restores confidence.

Upload: socialmbam

Post on 25-Jan-2015


Category:

Technology



TRANSCRIPT

Page 1: Blog socialpreso (1)

Blogging and Social Media
San Francisco, Jan. 9, 2014

Crushes malware. Restores confidence.

Page 2: Blog socialpreso (1)

Malwarebytes Corporation, 10 Almaden Blvd. Tenth Floor, San Jose, CA 95113

Who We Are: Malware Intelligence

www.malwarebytes.org

In 2012 a crack computer security unit was assembled to work for Malwarebytes. These men promptly began writing about, analyzing and researching security threats all over the internet. If you have a problem - if no one else can help - and if you can find them - maybe you can hire:

The MIA-Team.

Page 3: Blog socialpreso (1)

Who We Are: Malware Intelligence

Responsibilities

• Threat Research
• Blogging
• Intelligence Development
• In-depth Analysis
• Journalist Interviews
• Reporting

Page 4: Blog socialpreso (1)

Malware Intel: The Team

Adam Kujawa A.K.A Edisun
Specialty: Malware Reverse Engineering
Location: San Antonio, TX

Unique Experience:
• Advanced Persistent Threat
• Threat Predictions
• In-Depth Analysis from User to Code
• Writing technical speak for the non-technical
• Obsession with Time Travel and bad jokes

Time In Industry = Over 9 Years

Page 5: Blog socialpreso (1)

Malware Intel: The Team

Jerome Segura A.K.A. G-Roamer
Specialty: Online Scams / Threats Hunting
Location: Victoria, BC

Unique Experience:
• Web Threats & Exploits
• Phone Scammers
• In-depth Network Analysis
• Malware and Threat Hunting
• An unrivaled love of cheese

Time In Industry = Over 8 Years

Page 6: Blog socialpreso (1)

Malware Intel: The Team

Josh Cannell A.K.A J-Dog
Specialty: Malware Reverse Engineering
Location: Farmington, MO

Unique Experience:
• Advanced Persistent Threat
• Detection Development
• In-Depth Sample Research
• Malware Hunting
• Interest in French Culture and Cheese

Time In Industry = Over 7 Years

Page 7: Blog socialpreso (1)

Malware Intel: The Team

Jean-Phillipe Taggart A.K.A TinFoilHat
Specialty: Network Analysis and Development
Location: Victoria, BC

Unique Experience:
• Web Threats & Server Attacks
• Hacking Methodologies
• Hardware Hacking and Safeguarding
• Network Infrastructure Development and Analysis
• Best Tin Foil Hat builder in the West

Time In Industry = Over 15 Years

Page 8: Blog socialpreso (1)

Malware Intel: The Team

Armando Orozco
Specialty: Mobile Malware Research
Location: Broomfield, CO

Unique Experience:
• Malware Reverse Engineering
• Exploit and Shellcode Research
• Behavioral, Desktop and Mobile Scanning Technology
• Mobile Malware Hunting
• Trained by Shaolin Monks to Fight Malware Without Ever Making A Sound

Time In Industry = Over 7 Years

Page 9: Blog socialpreso (1)

Malware Intel: The Team

Chris Boyd A.K.A. Paperghost
Specialty: Online Threat Hunter
Location: UNKNOWN

Unique Experience:
• Consumer Security Expert
• Veteran Conference Speaker
• Spyware / Adware / RogueWare Investigator
• Found first Rootkit in An IM Hijack
• Is the GOD DA**ED BATMAN!

Time In Industry = Over 10 Years

Page 10: Blog socialpreso (1)

Malware Intel: The Team

Pieter Arntz A.K.A Metallica
Specialty: Malware Removal Expert
Location: Rotterdam, Netherlands

Unique Experience:
• Malware Analysis and Removal
• Technical To Non-Technical Writing
• Malware Analysis Teacher on Forums
• More British than the Brits

Time in Industry = 15 Years

Page 11: Blog socialpreso (1)

Malware Intel: The Team

Cecile Nguyen A.K.A Ceelo
Specialty: Social Media
Location: Malwarebytes HQ

Unique Experience:
• Facebook Facebooker
• Twitter Tweeter
• Hunter of unanswered MBAM Forum questions
• Hockey enforcer
• Doge lover. Wow. Such Interest

Page 12: Blog socialpreso (1)

Malware Intel: The Team

Andy Brown A.K.A. Just Andy
Specialty: Web Defence Research
Location: Dover, UK

Unique Experience:
• Hunting malicious sites
• Blocking and Defending Users
• Liaison with law enforcement
• Experienced with Taking down malicious hosts
• Only understood by three people in the world

Time in Industry = 5 years

Page 13: Blog socialpreso (1)

Malware Intel: The Team

Steven Burn A.K.A MysteryFCM
Specialty: Web Defense Research
Location: Newcastle, UK

Unique Experience:
• Hunting malicious sites
• Blocking and Defending Users
• Liaison with law enforcement
• Experienced with Taking down malicious hosts
• Understood by no one

Page 14: Blog socialpreso (1)

Blogging Styles

Blitz Blogs
Short blogs that reference pre-existing posts / stories from other bloggers / authors, not only advertising the news covered in the post but also putting our unique spin on the story.

Purpose:
• Blog Post Population
• Sharing of non-original content

How We Post:
• Each author has an assigned Blitz day
• If there is room, and a need, we post
• Always link to original source
• Keep posts short

Page 15: Blog socialpreso (1)

Blogging Styles

Traditional (Blah) Blogs
Longer blog posts that include original content, i.e. Deep Analysis, Research, Opinions, etc.

Purpose:
• Share new findings / threats with readers
• Encourage conversations on topic
• Bring in Media attention / leads to Malwarebytes.org

How We Post:
• Posted when completed depending on topic
• Will usually be sent to PR for media inquiry before posting
• Much longer and more detailed than Blitz blogs
• May include interviews / questions from Media

...and what do we blog about?

Page 16: Blog socialpreso (1)

Blogging Styles

What do we blog about?

Page 17: Blog socialpreso (1)

PR Communication

We work closely with our PR firms to try and get our research / news out to the rest of the world via media outlets.

Interaction via Research / Press Yammer
• We post docs / links to our blog posts with explanations
• If we want media attention, we wait to post
• Give PR folks time to reach out to journalists

Interviews / Opinions
• Provide feedback on opinion pieces / articles Journalists are writing
• Provide “expert” testimony on a variety of topics
• Do TV / Radio / Press interviews if topic is hot enough

Page 18: Blog socialpreso (1)

Research Methodologies

Our topics for blog posts / deep analysis come from a variety of sources, including:

• Research Team
• Sales Team
• Support Team
• Tips from Users via Forums
• Twitter Feed / News Sites
• Honeypot Feed
• Our own reckless search practices

Page 19: Blog socialpreso (1)

Achievements

The blog has been going strong for over a year and a half and we have accomplished some great things:

• Over 2 Million views since launch
• Numerous mentions in the Media including
    • Online News Sites
    • Magazine Articles / Mentions
    • Radio / Television / Podcasts
• Development of Research Honeypot to track down and discover new malware families / variants and online threats

Page 20: Blog socialpreso (1)

Statistics

[Chart: Blog Hits. X axis: Month – Year (May-12 to Dec-13). Y axis: Hit Count (0 to 300,000).]

Page 21: Blog socialpreso (1)

Challenges

While we have a great time writing the blog and making advances to Malwarebytes research abilities, it’s not without a fair amount of challenges.

Timing:
• The time between when we discover something, when we are ready to push it to the world and when someone else discovers it and does the same is not always ideal.
• It’s a tough racket.

Working with Journalists:
• Some Journalists will be able to follow us on a technical level, most will not.
• Challenges arise when a Journalist misunderstands and/or misattributes something you are saying
• Unfortunately, to make sure we don’t look bad as a company, we have to downplay some threats so Journalists won’t publish false information. (i.e. PUPs are bad but they aren’t new nor are they impossible to get rid of)

Understanding our Audience:
• Audience ranges from novice to expert, who are we writing for?
• Technical Simplicity vs. Community Reputation

Page 22: Blog socialpreso (1)

New Systems

As our team and our spread have grown, so have our abilities. This is only the start, however, since there are great new efforts coming in the near future:

Intelligence Database
• There is an entire spectrum of blog topics and threat research that can be discovered with a smart database to collect the massive amount of data we take in
• Such a system would allow statistical and threat analysis on a much larger scale as well as help discover new strains of malware and make MBAM more effective.

Larger Honeypot Deployment:
• The current honeypot is deployed via two systems in the “Victoria Office”.
• Plans are being fleshed out for larger deployment to allow for more collection and in turn, user protection.

Blog Interface Development
• The blog has recently had a facelift thanks to David Crandall and Sid Bodalia
• New features are planned for deployment that will increase user interaction, simplify navigation and hopefully bring in more readers

Page 23: Blog socialpreso (1)

Any Questions?

Page 24: Blog socialpreso (1)

Social Media
Cecile Nguyen

Page 25: Blog socialpreso (1)

Malwarebytes Social Channels

• Facebook
• Google+
• Reddit
• YouTube
• LinkedIn
• Twitter
• Spiceworks
• Wordpress/Blog

Page 26: Blog socialpreso (1)

Social Numbers

[Pie chart: Social Numbers. Values shown: 52%, 37%, 7%, 2%, 1%, 1%, 0%. Legend: Facebook, Spiceworks, Twitter, G+, YouTube, LinkedIn, Reddit.]

Page 27: Blog socialpreso (1)

Social Trend

[Chart: Facebook. X axis: Jan to Dec. Y axis: 100,000 to 110,000.]

Page 28: Blog socialpreso (1)

Social Trend

[Chart: Facebook. X axis: Jan to Dec. Y axis: 100,000 to 110,000. Annotations on the chart: MBAM Mobile; PUP policy change; MBAE Beta; Happy 5th B-day MBAM!; Techbench; False positive.]

Page 29: Blog socialpreso (1)

Social for 2014

Just kidding!

Page 30: Blog socialpreso (1)

Social for 2014

Instagram Pinterest Reddit Tumblr

Get involved in: Increase activities in:

Page 31: Blog socialpreso (1)

Thank You

Malwarebytes Corporation
Crushes malware. Restores confidence.