VB2013 last-minute papers and keynote announced

Posted by   Virus Bulletin on   Sep 13, 2013

Hot topics to be covered at VB conference in Berlin.

We thought that the 45 previously announced VB2013 papers, together with the panel discussion, already made for a really interesting conference programme, but this week has seen the addition of seven more exciting and topical presentations.

For the last seven years, we have set aside a section of the VB conference for 'last-minute' papers, the idea being that researchers submit proposals for these presentations very close to the conference itself, thus enabling them to cover topics that are as up-to-the-minute as possible.

The deadline for these papers closed last week - less than four weeks before the start of the conference - and the selection committee performed the non-trivial task of going to the submissions and selecting seven additions to the conference programme. Together they give a good impression of the threats that we as an industry have been fighting in recent months.

A subject that has made the headlines many times this year is DDoS attacks, with the one against Spamhaus perhaps the most prominent. CloudFlare's John Graham-Cumming will discuss this attack and DNS-amplification attacks in general, as well as what can be done to counter them, in his presentation Open DNS resolvers are to DDoS what open SMTP relays are to spam.

Another big DDoS attack took place on 25 June and targeted South Korean government and news websites. It was part of a longer-running and broader attack on the country, the purpose of which appears to have been the wiping of hard drives. Fortinet's Christy Chung and Kyle Yang will discuss these attacks in their presentation Reveal the facts behind the DDoS attack.

Botnets continue to be a problem in 2013 and sinkholing remains a popular way both to research them and to fight them. However, botherders aren't making this an easy task. Ross Gibb and Vikram Thakur, two researchers from Symantec, will talk about how they successfully sinkholed a peer-to-peer botnet in their presentation Lessons learned: sinkholing a peer-to-peer botnet.

Banking trojans do not seem to want to go away either. Hesperbot is a very advanced banking trojan, details on which weren't published until last week. In their presentation Hassle with Hesperbot: a new, sophisticated and very active banking trojan, ESET researchers Robert Lipovsky and Anton Cherepanov will provide the details of this trojan.

Another way in which malware authors make life difficult for researchers is by making their creations and their behaviour look as 'normal' as possible. Sophos researcher Gabor Szappanos will discuss three different ways in which this has been applied in APTs in his presentation Hide and seek - how targeted attacks hide behind clean applications.

In some cases, cybercrooks go even further in making researchers' lives difficult. In their presentation Working together to defeat attacks against AV automation, Microsoft researchers Hong Jia and Dennis Batchelder discuss how their and other AV vendors' automated systems were attacked to generate false positives.

And of course, mobile malware has been in the news throughout the year. In their paper Android - practical security from the ground up (which fittingly follows six other presentations on mobile malware) Google researchers Adrian Ludwig, Eric Davis and Jon Larimer will discuss the way the company tries to secure its Android platform against malware.

But no doubt the biggest security story of the year is the ongoing saga triggered by Edward Snowden's revelations on the mass surveillance programme performed by the NSA and some of their counterparts.

There will be few delegates without strong opinions on the morality of these programs and their implications for privacy and security on the Internet. But for an industry where the sharing of threat information - even among competitors - is second nature, the implications may be even more existential.

Should you share information with those who you know (or suspect) will share with governments? What if a government asks you to share customers' data, or to avoid detection for certain pieces of malware? What if they force you to do so?

We are excited to be welcoming ESET's Andrew Lee to the conference to discuss these and related questions in his keynote address Ethics and the AV industry in the age of WikiLeaks. Andrew is a veteran of the AV industry, but those who have seen him speak before (such as in his presentation on cyberwar at VB2012) will know that he speaks as passionately as if he had just had his computer infected for the very first time.

The full programme for the conference can be found here, and interviews with many of the presenters about their research interests and what they hope to bring to the conference can be read in the 'speaker spotlight' series of blog posts.

VB2013 runs from 2 to 4 October in Berlin, Germany.

Registration is still open, so why not join us for what promises to be an exciting event!

Posted on 13 September 2013 by Martijn Grooten



Latest posts:

VB2019 paper: APT cases exploiting vulnerabilities in region-specific software

At VB2019, JPCERT/CC's Shusei Tomonaga and Tomoaki Tani presented a paper on attacks that exploit vulnerabilities in software used only in Japan, using malware that is unique to Japan. Today we publish both their paper and the recording of their…

New paper: Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

In a follow-up to a paper presented at VB2019, Prismo Systems researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting (XSS), and server‑side request…

VB2020 programme announced

VB is pleased to reveal the details of an interesting and diverse programme for VB2020, the 30th Virus Bulletin International Conference.

VB2019 paper: Cyber espionage in the Middle East: unravelling OSX.WindTail

At VB2019 in London, Jamf's Patrick Wardle analysed the WindTail macOS malware used by the WindShift APT group, active in the Middle East. Today we publish both Patrick's paper and the recording of his presentation.

VB2019 paper: 2,000 reactions to a malware attack – accidental study

At VB2019 cybercrime journalist and researcher Adam Haertlé presented an analysis of almost 2000 unsolicited responses sent by victims of a malicious email campaign. Today we publish both his paper and the recording of his presentation.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.