VB2013 speaker spotlight

Posted by   Virus Bulletin on   Jul 12, 2013

We speak to James Wyke about his research interests and what he aims to bring to VB2013.

The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting programme that covers many of today's most pertinent security-related topics.

In the build-up to the event we are running a series of blogs in which we introduce the speakers and find out a bit more about their research interests and what they aim to bring to the conference.

Today, we speak to James Wyke who will speak at VB2013 about some of the less well documented aspects of the ZeroAccess botnet.

Tell us a little bit about yourself - your job and your responsibilities.

James Wyke "I am a Senior Threat Researcher with Sophos in the UK. Generally speaking I spend my day carrying out in-depth analysis, identifying new and emerging threats, and coming up with novel and effective approaches to protection."

Can you give us a brief outline of what you will be speaking about at VB2013?

James Wyke "I will be delivering a presentation on the ZeroAccess botnet. I explore some of the less well documented aspects of the botnet and to what ends it is being employed. Areas that will be covered include: hiding command and control information in legitimate-seeming network traffic, using decoy URLs to blacklist researchers' IP addresses, and using bogus domain names to mislead analysis. I will also assess how much revenue ZeroAccess could be generating from BitCoin mining and click fraud."

Why is your presentation particularly relevant to the security community?

James Wyke "ZeroAccess is a huge botnet that has survived and thrived for a considerable amount of time. It is important to understand the mechanisms by which this has been achieved and to what purposes such an entity is put so that we can combat it now and attempt to prevent similar creations from reoccurring in the future."

What can delegates learn from your presentation?

James Wyke "Hopefully delegates will learn a few things they didn't know about one of the largest botnets in existence. "

What other presentations are you looking forward to?

James Wyke "'Behavioural detection of HTTP-based botnets' sounds particularly interesting, as does 'Using statistical analysis of DNS traffic to identify infections of unknown malware'."

What are you looking forward to about your trip to VB2013?

James Wyke "I have been to Berlin before, but didn't get to see much of it last time - it would be great to visit the zoo. Catching up with a few ex-colleagues will be fun, as will meeting new people - and drinking interesting beers in the bar is always enjoyable!"

James Wyke will present 'Back channels and bitcoins: ZeroAccess' secret C&C communications' at 12:00 on Wednesday 2 October.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Read more about why you should attend VB2013 - and download our letter templates as a guide for justifying to your budget holder why you should attend VB2013.

VB2013 takes place 2-4 October 2013 in Berlin, Germany - online registration is now open - we'd love to see you there!

Posted on 12 July 2013 by Helen Martin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Necurs pump-and-dump spam campaign pushes obscure cryptocurrency

A Necurs pump-and-dump spam campaign pushing the lesser known Swisscoin botnet is mostly background noise for the Internet.

Alleged author of creepy FruitFly macOS malware arrested

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.

The threat and security product landscape in 2017

At the start of the new year, Virus Bulletin looks back at the threats seen in the 2017 and at the security products that are available to help mitigate them.

Spamhaus report shows many botnet controllers look a lot like legitimate servers

Spamhaus's annual report on botnet activity shows that botherders tend to use popular, legitimate hosting providers, domain registrars and top-level domains when setting up command-and-control servers.

Tips on researching tech support scams

As tech support scammers continue to target the computer illiterate through cold calling, VB's Martijn Grooten uses his own experience to share some advice on how to investigate such scams.