Throwback Thursday: Ten memorable Virus Bulletin conference presentations - part 2

Posted by    on   Aug 10, 2017

With an excellent conference programme featuring some of the top experts in the IT security industry and covering some of the most important topics, we have much to look forward to when it comes to VB2017, the 27th Virus Bulletin conference. But we also often look back at past conference presentations, not just because we are proud to have had them presented at our conference, but because their content is still very relevant today.

In the second of a two-part blog series (part 1 here), I look back at ten memorable Virus Bulletin Conference presentations from the last decade.

Throwback-Thursday-VB.jpg


Evaluating anti-virus products with field studies

With more than two decades' worth of experience testing security products, the subject of testing is one that is dear to our hearts at Virus Bulletin, and one that regularly appears on the conference programme. One paper on testing that particularly stands out for me is that of École Polytechnique de Montréal researchers Fanny Lalonde Lévesque, Carlton R. Davis and José M. Fernandez, presented by the latter at VB2012 in Dallas.

In the paper, the researchers described what must have been the most realistic anti-virus test ever: a study that looked at real people, using their own machines, to gauge the effectiveness of the products being tested. Though unfortunately this methodology scales very badly – which means it has never been used in a real test – I find it useful to keep it at the back of my mind when working on VB's tests, as it does set some kind of gold standard.

Android – practical security from the ground up

Although the VB2013 last-minute paper from Google's Adrian Ludwig covered much more than statistics on Android malware, this is the part that was picked up by the press: there is barely any malware on Android. It was also the part that led to strong criticism from the audience in Berlin.

Adrian was right: only a very small percentage of Android apps are malicious, especially if you only look at apps downloadable through Google's official Play Store. But the problem isn't non-existent, and these days Google is ready to admit that. Last year at VB2016, members of the Android team delivered a Small Talk on Android malware and on how they can work with the security community to fight this threat, while at the most recent Black Hat conference, Google researchers themselves revealed a very targeted malware campaign targeting Android.

Apple without a shell – iOS under targeted attack

Let's be honest: because iOS malware is so rare, talks on possible attack vectors against the operating system always have a certain 'coolness' factor. But the paper presented by Tao Wei and his FireEye colleagues at VB2014 in Seattle didn't just describe a theoretical attack: the use of enterprise provisioning profiles to distribute malicious apps was observed shortly after the conference in the Wirelurker malware.

Wei-3.jpg


The ethics and perils of APT research: an unexpected transition into intelligence brokerage

When I joined VB a decade ago, the security industry was making the shift from fighting malware written by the proverbial kid in their parents' basement to tools written by professional criminals with a clear financial motive. Although (cyber)criminals remain a prominent adversary, the rise of state-sponsored attacks has turned many a security researcher into an intelligence broker.

This shift was discussed in a thought-provoking paper presented at VB2015 in Prague by Juan Andrés Guerrero-Saade who, as part of Kaspersky's GReAT team, has played an active role in the uncovering of many state-sponsored attacks.


BlackEnergy – what we really know about the notorious cyber attacks

One very prominent state-sponsored attack group is that behind the BlackEnergy malware family, which became well known for causing massive power outages in Ukraine in December 2015. ESET researchers Robert Lipovsky and Anton Cherepanov have been following BlackEnergy for a number of years now, and have spoken about it at various Virus Bulletin conferences, most recently last year at VB2016 in Denver.

Figure6-blackenergy_dodatok1_decoy_prosecutor.jpg

 

No doubt, several of the talks on the VB2017 programme will prove to be just as memorable when we look back in a few years' time. There are still 10 last-minute speaker slots left to fill, so submit your hot research for a chance to present it in Madrid (deadline 3 September 20017).

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2018 paper: Tracking Mirai variants

Today, we publish the VB2018 paper by Qihoo 360 researchers Ya Liu and Hui Wang, on extracting data from variants of the Mirai botnet to classify and track variants.

VB2018 paper: Hide'n'Seek: an adaptive peer-to-peer IoT botnet

2018 has seen an increase in the variety of botnets living on the Internet of Things - such as Hide'N'Seek, which is notable for its use of peer-to-peer for command-and-control communication. Today, we publish the VB2018 paper by Bitdefender…

New paper: Botception: botnet distributes script with bot capabilities

In a new paper, Avast researchers Jan Sirmer and Adolf Streda look at how a spam campaign sent via the Necurs botnet was delivering the Flawed Ammyy RAT. As well as publishing the paper, we have also released the video of the reseachers' VB2018…

VB2018 video: Behind the scenes of the SamSam investigation

Today we have published the video of the VB2018 presentation by Andrew Brandt (Sophos) on the SamSam ransomware, which became hot news following the indictment of its two suspected authors yesterday.

VB2018 video: Foreverdays: tracking and mitigating threats targeting civil society orgs

Today, we publish the video of the VB2018 presentation by CitizenLab researchers Masashi Nishihata and John Scott Railton, on threats faced by civil society.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.