Virus Bulletin 2005 Review
Well, the annual Virus Bulletin International conference has come and gone again. This year it was held in Dublin, Ireland between the 5th and 7th of October. The change this year was a move to extend the conference to an ‘almost 3 day’ format.
As usual there were over thirty top speakers there to present their papers. These ranged from discussing ‘Symbian Malware’ to panel discussions on ‘Who is hiding the virus writers’ and ‘Dying for information in the information age’. There were numerous excellent technical and corporate presentations.
The ‘Technical’ stream was once again the most interesting (from my perspective), although I did sit in on several ‘Corporate’ stream presentations as well.
Tuesday the 4th - Pre-conference activities:
I took part in the AVIEWS/AVIEN discussing the upcoming ‘Virtual Conference’ amongst other topics and general chit-chat, such as catching up with old friends.
The following were the top presentations that caught my interest:
Day 1 - October 5th:
We kicked off early in the morning with a number of vendor presentations. The ones I managed to see were the ones from Eset [Presented by Andrew Lee] and Trend [Presented by David Perry]. As usual David’s presentation was both informative and very funny. He also made some very nice comments about my paper during his talk.
The conference officially started at 14:00 with Helen Martin’s Welcome pitch. The conference then split into two streams [as usual], one being the technical stream and the other being the corporate stream.

The keynote presentations for each stream were:
- Technical: Igor Muttik talking about ‘Manipulating the Internet’.
- Corporate: Martin Overton talking about ‘Bots and Botnets: risks, issues and prevention’.
From 16:20 and for the rest of the afternoon I was chairing sessions in the ‘Technical Stream’. Both of these talks were interesting. The talks were about ‘Tracing execution paths’ and ‘Defeating polymorphism: beyond emulation’.
I also participated in a ‘Round Table’ session on ‘Malware Trends’ after the end of the day’s presentations. Although this was interesting and lively, the downside was that 3 of the 4 invited guests were misquoted by the press. As usual, this caused a certain amount of annoyance to those affected. But this is a known [and grudgingly accepted] risk when dealing with the press.
After that a well-deserved drink was had by all at the ‘Welcome Drinks’ event [Guinness and Jameson, of course], and this spilled over into another ‘Private Drinks’ session after the official VB ‘Welcome’ party finished.
Day 2 - October 6th:
As usual on the second day I spent the whole day in the technical stream. The following caught my interest:
- Solving the Bagle jigsaw - Scott Molenkamp and Hamish O’Dea.
- The evolution of malicious IRC bots - John Canavan.
- What makes Symbian malware tick - Jarno Niemela.
- Hide ‘n seek revisited - full stealth is back - Kimmo Kasslin et al.
- Dying for information in the information age - Gaby Dowling [I was a panel member on this session].
The day was finished off by the ‘Gala Dinner’, which is always a good event. As usual we were entertained by a local act. In this case it was a ‘Riverdance’ type troupe of dancers.
Day 3 - October 7th:
I split my day between the technical and corporate stream as there were a number of interesting looking talks I wanted to attend. These were the ones that I found most interesting:
- Genotype spam detection - Dmitry Samosseiko.
- Why user authentication is a bad idea - Nick Fitzgerald.
- Pseudo-words for spam filtering in an unmodified Naïve Bayesian text classifier - John Graham-Cumming.
- The strange case of Judith C. - David Perry.
- Techniques of adware and spyware - Eric Chien.
Conclusion:
VB2005 was the best attended of the VB conferences over the last 5 years or so (380 delegates), with lots of new faces and lots of old faces too. This has helped to keep VB fresh and interesting and, as far as I’m concerned, the best security conference for the area that I’m interested in, and long may it stay that way!
If you are interested in security and malware/anti-malware and related things then this is a must-attend conference!
For those that are interested, the paper I presented at this conference can be found here: http://arachnid.homeip.net/papers/
This covers Bots and Botnets, discussing what they are, how they work, the risks they bring and what techniques and methodologies you can use to help counter them.

