Péter Szőr Award

The Annual Péter Szőr Award for Technical Security Research

In November 2013, the security community lost one of its brightest lights with the death of security researcher and VB advisory board member Péter Szőr.

As a way of celebrating Péter's life and work on an ongoing basis, and keeping his memory alive, VB set up an annual award, which is known as the "Péter Szőr Award".


The award aims to recognise the best piece of technical security research published each year. Nominations for the award are sought from the security community at large, and a final shortlist voted on by the VB advisory board. The award is presented each year at the annual VB conference.

Péter Szőr contributed almost 40 articles to Virus Bulletin over the years, spoke at several VB conferences, and served for more than ten years on the VB advisory board. Péter was also well known as the author of the popular The Art of Computer Virus Research and Defense — a book which, for many, served as their first introduction to and basic grounding in computer security. Most importantly, he was known by everyone who encountered him for his great kindness and generosity.


2024 Award

Nominations for the 2024 Péter Szőr Award will open in July 2024; the award will be presented at VB2024 in Dublin.



Past winners



"BlackLotus UEFI bootkit: Myth confirmed" by Martin Smolár (published here).

The award was presented at VB2023 in London. The other shortlisted finalist was:

  • Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine by Palo Alto Networks Unit 42 (published here).



CryptoRom Bitcoin swindlers target vulnerable iPhone and Android users by Jagadeesh Chandraiah & Xinran Wu at Sophos (published here, here and here)

The award was presented during 2022 in Prague. The other shortlisted nominees were:

  • Russian APT29 hackers' use of online storage services, DropBox and Google Drive - Mike Harbison & Pete Renals (Unit 42, Palo Alto Networks)
  • CHERNOVITE's PIPEDREAM malware targeting industrial control systems - Dragos Global Intelligence Team
  • SecurityScorecard's discovery of 'Zhadnost', responsible for Ukraine DDoS attacks - Ryan Slaney (SecurityScorecard)



DNS Hijacking Abuses Trust in Core Internet Service by Cisco Talos (published here)

The award was presented during VB2019 in London. The other shortlisted nominees were:

  • Matrix: a low-key targeted ransomware by Luca Nagy, Sophos
  • LoJax First UEFI rootkit found in the wild, courtesy of the Sednit group by ESET Research



ShadowPad – poisoned server management software targeting corporate networks by the Global Research and Analysis Team (GReAT) at Kaspersky Lab (published here)

The award was presented during VB2018 in Montreal. The other shortlisted nominees were:

  • Korea In The Crosshairs  by Warren Mercer and Paul Rascagnères
  • Spreading Technique and Deception Based Detection by Abhishek Singh



AKBuilder – the crowdsourced exploit kit by Sophos researcher Gabor Szappanos (published here).

The award was presented during VB2017 in Madrid. The other shortlisted nominees were:

  • Iran threats by Collin Anderson & Claudio Guarnieri
  • The first collision for full SHA-1 by Marc Stevens (CWI Amsterdam), Elie Bursztein (Google Research), Pierre Karpman (CWI Amsterdam), Ange Albertini (Google Research) & Yarik Marko (Google Research)



Mofang: A politically motivated information stealing adversary by Fox-IT researcher Yonathan Klijnsma (published here).

The award was presented during VB2016 in Denver. The other nominees were:

  • Reversing Internet of Things from Mobile Applications by Axelle Apvrille (Fortinet)
  • Targeted ransomware no longer a future threat by Andrew Furtak and Christiaan Beek (Intel Security)
  • Lucrative Ransomware Attack: Analysis of the CryptoWall Version 3 Threat by Ryan Sherstobitoff (Intel Security), Christiaan Beek (Intel Security), Josh Grunzweig (Palo Alto Networks), Jinghao Li (Symantec) and Aamir Lakhani (Fortinet)
  • Distributing the Reconstruction of High-Level IR for Large Scale Malware Analysis by Alex Matrosov (Intel Security), Eugene Rodionov (ESET), Gabriel Negreira Barbosa (Intel Security) and Rodrigo Rubira Branco (Intel Security)



Catch Me if You Can by Intel Security researchers Anand Bodke, Abhishek Karnik, Sanchit Karve and Raj Samani (research described here).

The award was presented during VB2015 in Prague. The other nominees were:

  • Operation 'Oil Tanker' - The Phantom Menace by Luis Corrons (PandaLabs)
  • Mobile Users Exposed: SSL/TLS Vulnerabilities Live by Carlos Castillo, Alex Hinchliffe and Rick Simon (Intel Security)
  • Chinese Chicken: Multiplatform DDoS Botnets by Peter Kalnai and Jaromir Horejsi (Avast Software)



Operation Windigo by ESET researchers Olivier Bilodeau, Pierre-Marc Bureau, Joan Calvet, Alexis Dorais-Joncas, Marc-Etienne Léveillé and Benjamin Vanheuverzwijn (published here).

The award was presented during VB2014 in Seattle, WA, USA. The other nominees were:

  • Security Applications of Formal Language Theory by Len Sassaman, Meredith Patterson and Sergey Bratus
  • Research on 'Hacking Team' spyware by Citizen Lab
  • A journey to abused FTP sites by Hendrik Adrian of MalwareMustDie


VB Conference

VB2024 Dublin

2 - 4 October 2024

VB Conference Testimonials

Some of the comments made by delegates of recent VB Conferences

Conference Archive

Details of past VB conferences

Péter Szőr Award

The Annual Péter Szőr Award for Technical Security Research

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.