VB2013 speaker spotlight

Posted by   Virus Bulletin on   Jul 12, 2013

We speak to James Wyke about his research interests and what he aims to bring to VB2013.

The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting programme that covers many of today's most pertinent security-related topics.

In the build-up to the event we are running a series of blogs in which we introduce the speakers and find out a bit more about their research interests and what they aim to bring to the conference.

Today, we speak to James Wyke who will speak at VB2013 about some of the less well documented aspects of the ZeroAccess botnet.

Tell us a little bit about yourself - your job and your responsibilities.

James Wyke "I am a Senior Threat Researcher with Sophos in the UK. Generally speaking I spend my day carrying out in-depth analysis, identifying new and emerging threats, and coming up with novel and effective approaches to protection."

Can you give us a brief outline of what you will be speaking about at VB2013?

James Wyke "I will be delivering a presentation on the ZeroAccess botnet. I explore some of the less well documented aspects of the botnet and to what ends it is being employed. Areas that will be covered include: hiding command and control information in legitimate-seeming network traffic, using decoy URLs to blacklist researchers' IP addresses, and using bogus domain names to mislead analysis. I will also assess how much revenue ZeroAccess could be generating from BitCoin mining and click fraud."

Why is your presentation particularly relevant to the security community?

James Wyke "ZeroAccess is a huge botnet that has survived and thrived for a considerable amount of time. It is important to understand the mechanisms by which this has been achieved and to what purposes such an entity is put so that we can combat it now and attempt to prevent similar creations from reoccurring in the future."

What can delegates learn from your presentation?

James Wyke "Hopefully delegates will learn a few things they didn't know about one of the largest botnets in existence. "

What other presentations are you looking forward to?

James Wyke "'Behavioural detection of HTTP-based botnets' sounds particularly interesting, as does 'Using statistical analysis of DNS traffic to identify infections of unknown malware'."

What are you looking forward to about your trip to VB2013?

James Wyke "I have been to Berlin before, but didn't get to see much of it last time - it would be great to visit the zoo. Catching up with a few ex-colleagues will be fun, as will meeting new people - and drinking interesting beers in the bar is always enjoyable!"

James Wyke will present 'Back channels and bitcoins: ZeroAccess' secret C&C communications' at 12:00 on Wednesday 2 October.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Read more about why you should attend VB2013 - and download our letter templates as a guide for justifying to your budget holder why you should attend VB2013.

VB2013 takes place 2-4 October 2013 in Berlin, Germany - online registration is now open - we'd love to see you there!

Posted on 12 July 2013 by Helen Martin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

The road to IPv6 is generally smooth but contains a few potholes

Most of the switch from IPv4 to IPv6 will happen seamlessly. But we cannot assume it won't introduce new security issues.

New paper: Powering the distribution of Tesla stealer with PowerShell and VBA macros

Since their return four years ago, Office macros have been one of the most common ways to spread malware. Today, we publish a research paper which looks in detail at a campaign in which VBA macros are used to execute PowerShell code, which in turn…

VB2017 paper: Android reverse engineering tools: not the usual suspects

Within a few years, Android malware has grown from a relatively small threat to a huge problem involving more than three million new malware samples a year. Axelle Apvrille, one of the world's leading Android malware researchers, will deliver a…

Patch early, patch often, but don't blindly trust every 'patch'

Compromised websites are being used to serve fake Flash Player uploads that come with a malicious payload.

Virus Bulletin at RSA

Next week, VB Editor Martijn Grooten will be at the RSA Conference in San Francisco.