Posted by Virus Bulletin on Jul 12, 2013
We speak to James Wyke about his research interests and what he aims to bring to VB2013.
The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting programme that covers many of today's most pertinent security-related topics.
In the build-up to the event we are running a series of blogs in which we introduce the speakers and find out a bit more about their research interests and what they aim to bring to the conference.
Today, we speak to James Wyke who will speak at VB2013 about some of the less well documented aspects of the ZeroAccess botnet.
Tell us a little bit about yourself - your job and your responsibilities.
"I am a Senior Threat Researcher with Sophos in the UK. Generally speaking I spend my day carrying out in-depth analysis, identifying new and emerging threats, and coming up with novel and effective approaches to protection."
Can you give us a brief outline of what you will be speaking about at VB2013?
"I will be delivering a presentation on the ZeroAccess botnet. I explore some of the less well documented aspects of the botnet and to what ends it is being employed. Areas that will be covered include: hiding command and control information in legitimate-seeming network traffic, using decoy URLs to blacklist researchers' IP addresses, and using bogus domain names to mislead analysis. I will also assess how much revenue ZeroAccess could be generating from BitCoin mining and click fraud."
Why is your presentation particularly relevant to the security community?
"ZeroAccess is a huge botnet that has survived and thrived for a considerable amount of time. It is important to understand the mechanisms by which this has been achieved and to what purposes such an entity is put so that we can combat it now and attempt to prevent similar creations from reoccurring in the future."
What can delegates learn from your presentation?
"Hopefully delegates will learn a few things they didn't know about one of the largest botnets in existence. "
What other presentations are you looking forward to?
"'Behavioural detection of HTTP-based botnets' sounds particularly interesting, as does 'Using statistical analysis of DNS traffic to identify infections of unknown malware'."
What are you looking forward to about your trip to VB2013?
"I have been to Berlin before, but didn't get to see much of it last time - it would be great to visit the zoo. Catching up with a few ex-colleagues will be fun, as will meeting new people - and drinking interesting beers in the bar is always enjoyable!"
James Wyke will present 'Back channels and bitcoins: ZeroAccess' secret C&C communications' at 12:00 on Wednesday 2 October.
The full programme for VB2013, including abstracts for each paper, can be viewed here.
Read more about why you should attend VB2013 - and download our letter templates as a guide for justifying to your budget holder why you should attend VB2013.