About Me

Alex Hinchliffe

Alex Hinchliffe

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

Live from VB2007 – part 2

Thursday, September 20, 2007 at 4:23pm by Alex Hinchliffe
Alex Hinchliffe

Welcome, from the capital of Austria and the floor of the second day of the 2007 VirusBulletin conference. Today has proved another exciting day in the Anti-Malware world with presentations from our very own Joe Telafici and Dmitry Gryaznov co-presenting on how the AV community are DoS-ing themselves by collecting and swapping malware.

Joe and Dmitry on stage

Joe and Dmitry on stage
In addition Dmitry presented, on behalf of Ahmed Sallam, the topic of “Terminating Hidden Processes”. This topic was very interesting and covered the popular tactic used by rootkits to hide their process from user land applications. A side effect of this is that the termination of this hidden process can cause serious instability in the operating system and often BSODs if a new application is launched post termination. This instability occurs because the pointers to and from one process to another are manipulated by the rootkit. Ahmed’s paper contained suggestions on fixes to this problem and how our Rootkit Detective is not affected.

In some shameless self-promotion my (first VirusBulletin) presentation from yesterday was referenced no less than three times today by other security professionals. Josh Harriman (Symantec) mentioned it this morning when referring to remediation of more complex threats, whilst Roel Schouwenberg (Kaspersky) mentioned it during his last-minute presentation on “Targeted banker malware on demand” (referring to a variant of W32/Alvabrig) as too did Kurt Baumgartner (PC Tools) in his presentation “Storm – Malware 2.0 has arrived”.

Me discussing a patched wininet.dll file

Me discussing a patched wininet.dll file
A special event occurred today – the introduction of last-minute presentations! Based on feedback from last year’s VirusBulletin conference it was agreed that, in order to encourage papers and presentations covering up-to-the-minute malware and research topics, security professionals were invited to submit papers just two weeks before the conference itself. Eight presentations (of 20 minutes each) ran back to back in the technical stream of this afternoon’s schedule. All the presentations were good and indeed most were very topical.

Tonight is the gala dinner and cabaret, which should be very entertaining, so until tomorrow it’s goodbye from me!

Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (3)

  • Helen Martin September 24, 2007 2:33AM

    In response to Paperghost, as the organizer of VB2007 I would like to make it known that we solicited the opinions of several members of the anti-malware industry, past attendees of VB conferences and past speakers at VB conferences when planning the last-minute presentations feature of the conference.

    Opinion was _unanimous_ that submissions should be accepted as late as 2 weeks prior to the conference in order to achieve presentations that were as up-to-the-minute as they possibly could be. The whole idea of the last-minute presentations was to get away from the early deadline constraints involved with regular papers, and to make these ones as current as possible.

    Initially it was assumed that those submitting ideas for the last-minute presentations would be people who were already registered for the conference – thus they would already have made their travel arrangements. In fact, it turned out that we received submissions from a large number of people who had not registered for the conference, as well as those who were already booked in.

    In the event, only one of the selected speakers was unable to attend (due to visa issues), but his paper was presented by a colleague, thus all eight of the last-minute papers were given as planned.

    This year the last-minute presentations were something of an experiment, and the overwhelming response from those who attended was very positive indeed. As such, it seems likely that last-minute presentations will become a permanent feature in VB conferences going forward.

    Reply
  • Sirw2p September 21, 2007 3:57AM

    The video of the conference will be published ?

    Greezt

    Reply
  • Paperghost September 21, 2007 1:18AM

    I nearly submitted a last minute paper to this thing myself, until I found out about it having to be submitted so late and only finding out if you’d be speaking, like, a week before the thing took place.

    That seems dazzlingly stupid to me. Vienna isn’t exactly cheap anyway, and then throw in last minute airfares, packed out accomodation due to every security researcher on the planet being in town and you have a recipe for not-bothering-to-turn up. I wish security conference organisers would start using their heads a little more.

    Reply