VB2013 last-minute papers and keynote announced

Posted by Virus Bulletin on Sep 13, 2013

Hot topics to be covered at VB conference in Berlin.

We thought that the 45 previously announced VB2013 papers, together with the panel discussion, already made for a really interesting conference programme, but this week has seen the addition of seven more exciting and topical presentations.

For the last seven years, we have set aside a section of the VB conference for 'last-minute' papers, the idea being that researchers submit proposals for these presentations very close to the conference itself, thus enabling them to cover topics that are as up-to-the-minute as possible.

The deadline for these papers closed last week - less than four weeks before the start of the conference - and the selection committee performed the non-trivial task of going through the submissions and selecting seven additions to the conference programme. Together they give a good impression of the threats that we as an industry have been fighting in recent months.

A subject that has made the headlines many times this year is DDoS attacks, with the one against Spamhaus perhaps the most prominent. CloudFlare's John Graham-Cumming will discuss this attack and DNS-amplification attacks in general, as well as what can be done to counter them, in his presentation 'Open DNS resolvers are to DDoS what open SMTP relays are to spam'.

Another big DDoS attack took place on 25 June and targeted South Korean government and news websites. It was part of a longer-running and broader attack on the country, the purpose of which appears to have been the wiping of hard drives. Fortinet's Christy Chung and Kyle Yang will discuss these attacks in their presentation 'Reveal the facts behind the DDoS attack'.

Botnets continue to be a problem in 2013 and sinkholing remains a popular way both to research them and to fight them. However, botherders aren't making this an easy task. Ross Gibb and Vikram Thakur, two researchers from Symantec, will talk about how they successfully sinkholed a peer-to-peer botnet in their presentation 'Lessons learned: sinkholing a peer-to-peer botnet'.

Banking trojans do not seem to want to go away either. Hesperbot is a very advanced banking trojan, details on which weren't published until last week. In their presentation 'Hassle with Hesperbot: a new, sophisticated and very active banking trojan', ESET researchers Robert Lipovsky and Anton Cherepanov will provide the details of this trojan.

Another way in which malware authors make life difficult for researchers is by making their creations and their behaviour look as 'normal' as possible. Sophos researcher Gabor Szappanos will discuss three different ways in which this has been applied in APTs in his presentation 'Hide and seek - how targeted attacks hide behind clean applications'.

In some cases, cybercrooks go even further in making researchers' lives difficult. In their presentation 'Working together to defeat attacks against AV automation', Microsoft researchers Hong Jia and Dennis Batchelder discuss how their and other AV vendors' automated systems were attacked to generate false positives.

And of course, mobile malware has been in the news throughout the year. In their paper 'Android - practical security from the ground up' (which fittingly follows six other presentations on mobile malware), Google researchers Adrian Ludwig, Eric Davis and Jon Larimer will discuss the way the company tries to secure its Android platform against malware.

But no doubt the biggest security story of the year is the ongoing saga triggered by Edward Snowden's revelations on the mass surveillance programme performed by the NSA and some of their counterparts.

There will be few delegates without strong opinions on the morality of these programmes and their implications for privacy and security on the Internet. But for an industry where the sharing of threat information - even among competitors - is second nature, the implications may be even more existential.

Should you share information with those who you know (or suspect) will share with governments? What if a government asks you to share customers' data, or to avoid detection for certain pieces of malware? What if they force you to do so?

We are excited to be welcoming ESET's Andrew Lee to the conference to discuss these and related questions in his keynote address 'Ethics and the AV industry in the age of WikiLeaks'. Andrew is a veteran of the AV industry, but those who have seen him speak before (such as in his presentation on cyberwar at VB2012) will know that he speaks as passionately as if he had just had his computer infected for the very first time.

The full programme for the conference can be found here, and interviews with many of the presenters about their research interests and what they hope to bring to the conference can be read in the 'speaker spotlight' series of blog posts.

VB2013 runs from 2 to 4 October in Berlin, Germany.

Registration is still open, so why not join us for what promises to be an exciting event!

Posted on 13 September 2013 by Martijn Grooten


