Greetings from my first visit to Virus Bulletin

Hello, David Jacoby here checking in from sunny Barcelona where I’m attending the annual Virus Bulletin conference.

I’m sitting here reviewing all the presentations from yesterday, and it just hit me, this is actually my first time at this conference. Previously I have only attended security conferences in the style of Black Hat, Defcon, HITB and others. The content is very different, and also the presentation styles. To be honest, I had no idea what to expect, but so far it’s been really refreshing and educational.

It’s been a blast to meet meet fellow researchers from the same industry and just to get a face to the people behind the e-mail addresses. If you are at Virus Bulletin and reading this, do not hesitate to find me!

So, it’s currently day two, and so far so good. Yesterday I saw about eight presentations, mostly in the technical track, but today I’m mostly visiting the corporate tracks. I think its a good mixture to get information from both tracks. The only problem with two tracks is choosing which one you want to attend.

I’m going through my notes and the presentations I’ve seen so far (in no particular order) are:

  • Predicting the future of stealth attacks by Rachit Mathur (McAfee)
  • Same botnet, same guys, new code by Pierre-Marc Bureau (ESET)
  • A study of malicious attacks on Facebook by a replacement for (Commtouch)
  • The dangers of per-user COM objects in Windows by Jon Larimer from (Google)
  • Strategies for monitoring FakeAV distribution networks by Onur Komili from (Sophos)
  • Malware mining from Igor Muttik from (McAfee)

I cannot really write about all of them, so I decided to pick one that was very interesting, and so far I must say that the one from Jon Larimer about the per-user COM objectives was really interesting. Nice presentation style and pretty interesting content. I mean the vulnerabilities has been disclosed but the concept was interesting. It kind of reminds me of the old LD_PRELOAD vulnerabilities for Unix/Linux. You can read more about the presentation here:

Greetings from my first visit to Virus Bulletin

Your email address will not be published. Required fields are marked *



Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

Subscribe to our weekly e-mails

The hottest research right in your inbox