On 5-7 October, the 21st Virus Bulletin Conference was held, this year in Barcelona. VB Conferences have for 19 years now been annual fixtures on the international anti-malware calendar, with delegates comprised of dedicated anti-malware researchers, and security experts from government and military organizations, legal, financial and educational institutions and large corporations worldwide.
Who’s Who of IT Security
As per tradition, all the heavyweights from the IT security industry were in attendance this year in Spain. The most presentations – eight in total – came from Kaspersky Lab, and thereafter in descending order from ESET, BitDefender, Trend Micro, McAfee, Sophos, Microsoft, Symantec and AVG. Single presentations were given by Arbor Networks, Avast!, AVET, Commtouch, ComScore, F-Secure, Damballa, Fortinet, GFI Software, IBM, iThreats, OPSWAT and Verisign-iDefense.
The heaviest presence of Kaspersky Lab among delegates at this year’s Virus Bulletin Conference indicates its continued strong commitment to the vital technological expertise that forms the bedrock of its whole strategy as a world beating IT security firm.
This year the conference – the biggest ever in terms of numbers of presentations/discussions – was as usual split into two streams, one catering to technical, the other to corporate audiences, and covered a wide range of anti-malware and spam-related subjects.
Of particular note this year was the fact that a number of presentations were joint efforts of two or more companies and/or organizations. At VB Conferences such undertakings have always been the exception to the rule (one recent memorable occasion being Microsoft and Kaspersky Lab’s joint presentation on Stuxnet at VB2010). But this year a total of five such joint presentations were included in the program, reflecting well the current need for better cooperation - be it among IT security players, or between them and law enforcement authorities. Such closer cooperation has become increasingly necessary in the face of modern threats, where a pooling of resources and expertise simply makes better sense than everyone reinventing the wheel separately.
Examples of this year’s cooperation theme included the opening joint keynote speech from Bob Burls of the Central e-Crime Unit of London’s Metropolitan Police, and IT security don Mikko Hyppönen of F-Secure, titled “The m00p Investigation: Law Enforcement and the Anti-virus Industry Working in Partnership”. Another example was the panel that discussed the paper “Operation ShadySHARE - Towards Better Industry Collaboration”, made up of Alex Eckelberry of GFI Software, Dmitry Gryaznov of McAfee and Graham Cluley of Sophos, and moderated by Ryan Naraine of Kaspersky Lab. A principle conclusion of this discussion was that this year’s Shady RAT “incident” was more a matter of IT-security PR gone awry – plus pedantry and fuzziness regarding terminology – than nuts and bolts technical IT security.
Kaspersky Lab Highlights
Dmitry Bestuzhev of Kaspersky Lab Ecuador presented a paper entitled “A Look at the Cybercrime Ecosystem and the Way It Works”, in which he discussed the current IT black market structure and the business model used for transactions within it.
Fabio Assolini of KL Brazil gave a talk called “Bonnie and Clyde: the Crazy Lives of the Brazilian Bad Guys”, which told the story of the married cybercriminal couple who stole US$300,000 from a bank in a year.
In “Cleaning up the Net - a Tale of 100 Infected Websites”, Stefan Tanase of KL Romania explained what it takes to try and clean up, as the title suggests, 100 infected websites in the least time possible.
Timothy Armstrong of KL USA and Denis Maslennikov of KL Russia gave a joint presentation titled “Android Malware on the Rise”, highlighting the dangers associated with Android Market and how malware may proliferate through the misuse of a fragmented security architecture.
In his last-minute paper, “I Looked into the Eyes of Diablo and Found an Army of Girls”, Vicente Diaz of KL Spain provided a snapshot of how the use of social engineering on popular social networks for the propagation of malware and scam campaigns has emerged as the natural successor to traditional email-based phishing.
In his second talk – “Cell Phone Money Laundering” – Denis Maslennikov discussed money laundering via mobile phones in Russia, demonstrating the methods used by cybercriminals, how they make their money, and how much money they are making.
In “Firing the Roast - Java Is Heating up Again”, Kurt Baumgartner of KL USA examined and categorized the types of Java malcode in the wild over the past year, the obfuscation and anti-reversing techniques embedded in them, the Java components affected, and the best tools to tackle these challenges.
And finally, in “2020 Threats: Too Far Away to Discuss or Too Close to Ignore?”, Maksym Schipka of KL UK gave his predictions of what the anti-threat market in 2020 may look like - the kinds of threats and the types of products needed to combat them.
Further details of the proceedings at VB2011 and the program can be found at http://www.virusbtn.com/conference/vb2011/index