Posted by Virus Bulletin on Sep 13, 2013
Hot topics to be covered at VB conference in Berlin.
We thought that the 45 previously announced VB2013 papers, together with the panel discussion, already made for a really interesting conference programme, but this week has seen the addition of seven more exciting and topical presentations.
For the last seven years, we have set aside a section of the VB conference for 'last-minute' papers, the idea being that researchers submit proposals for these presentations very close to the conference itself, thus enabling them to cover topics that are as up-to-the-minute as possible.
The deadline for these papers closed last week - less than four weeks before the start of the conference - and the selection committee performed the non-trivial task of going through the submissions and selecting seven additions to the conference programme. Together they give a good impression of the threats that we as an industry have been fighting in recent months.
A subject that has made the headlines many times this year is DDoS attacks, with the one against Spamhaus perhaps the most prominent. CloudFlare's John Graham-Cumming will discuss this attack and DNS-amplification attacks in general, as well as what can be done to counter them, in his presentation 'Open DNS resolvers are to DDoS what open SMTP relays are to spam'.
Another big DDoS attack took place on 25 June and targeted South Korean government and news websites. It was part of a longer-running and broader attack on the country, the purpose of which appears to have been the wiping of hard drives. Fortinet's Christy Chung and Kyle Yang will discuss these attacks in their presentation 'Reveal the facts behind the DDoS attack'.
Botnets continue to be a problem in 2013 and sinkholing remains a popular way both to research them and to fight them. However, botherders aren't making this an easy task. Ross Gibb and Vikram Thakur, two researchers from Symantec, will talk about how they successfully sinkholed a peer-to-peer botnet in their presentation 'Lessons learned: sinkholing a peer-to-peer botnet'.
Banking trojans do not seem to want to go away either. Hesperbot is a very advanced banking trojan, details on which weren't published until last week. In their presentation 'Hassle with Hesperbot: a new, sophisticated and very active banking trojan', ESET researchers Robert Lipovsky and Anton Cherepanov will provide the details of this trojan.
Another way in which malware authors make life difficult for researchers is by making their creations and their behaviour look as 'normal' as possible. Sophos researcher Gabor Szappanos will discuss three different ways in which this has been applied in APTs in his presentation 'Hide and seek - how targeted attacks hide behind clean applications'.
In some cases, cybercrooks go even further in making researchers' lives difficult. In their presentation 'Working together to defeat attacks against AV automation', Microsoft researchers Hong Jia and Dennis Batchelder discuss how their and other AV vendors' automated systems were attacked to generate false positives.
And of course, mobile malware has been in the news throughout the year. In their paper 'Android - practical security from the ground up' (which fittingly follows six other presentations on mobile malware) Google researchers Adrian Ludwig, Eric Davis and Jon Larimer will discuss the way the company tries to secure its Android platform against malware.
But no doubt the biggest security story of the year is the ongoing saga triggered by Edward Snowden's revelations on the mass surveillance programme performed by the NSA and some of their counterparts.
There will be few delegates without strong opinions on the morality of these programs and their implications for privacy and security on the Internet. But for an industry where the sharing of threat information - even among competitors - is second nature, the implications may be even more existential.
Should you share information with those who you know (or suspect) will share with governments? What if a government asks you to share customers' data, or to avoid detection for certain pieces of malware? What if they force you to do so?
We are excited to be welcoming ESET's Andrew Lee to the conference to discuss these and related questions in his keynote address 'Ethics and the AV industry in the age of WikiLeaks'. Andrew is a veteran of the AV industry, but those who have seen him speak before (such as in his presentation on cyberwar at VB2012) will know that he speaks as passionately as if he had just had his computer infected for the very first time.
The full programme for the conference can be found here, and interviews with many of the presenters about their research interests and what they hope to bring to the conference can be read in the 'speaker spotlight' series of blog posts.
VB2013 runs from 2 to 4 October in Berlin, Germany.