Virus Bulletin 2012 – Day 3 – The final chapter

Virus Bulletin 2012 is now over, and the final chapter from this year's conference needs to be written. Almost all of the participants have packed their bags and gone home. This event was three action-packed days containing everything from discussions about cyber war, interesting meetings with fellow researchers and presentations about Indian phone scammers. I am now sitting here and writing the last blog post about the Virus Bulletin 2012 conference in Dallas.

This is my second Virus Bulletin, and just like last time it gave me not just the opportunity to network with fellow researchers, but this time I also presented my own research. Vicente Diaz wrote about the second day at VB, and he included some pictures from my presentation on Malware against Linux and the Attackers Automated Tools – check out the pictures here. During my presentation I also had a 30-minute live demo where four people from the audience helped me identify vulnerabilities and exploit them using the same techniques as the bad guys used. The demonstration also contained automated scripts for backdooring and bypassing security mechanisms within the Linux operating system.

The last day was, in my view, one of the best days, because at this time we had the chance to get familiar with everyone at the conference, and it also included some very good presentations. I had the opportunity to attend the following presentations.

  • Using an expert system to provide automated malware analysis for non-experts.
  • Correlating sentiments and topics with spam waves on social networks.
  • Anatomy of Duqu exploit.
  • Security ramifications of Windows Kernel Patch Protection.
  • My PC has 32,539 errors: how telephone support scams really work.
  • Cyberwar: reality, or a weapon of mass distraction?

After listening to all these nice presentations I decided to write some of the conclusions instead of writing down all my personal thoughts. Three interesting conclusions that were made from both the presenters and from Q&A with the other people in the audience were:

  • Performing a deep analysis of malware is expensive!
  • Microsoft Scammers may earn more than $350 000 USD per day!
  • Cyberwar is a hot topic!

It was very interesting to see other people from Kaspersky Lab presenting their research. Even working for Kaspersky Lab, we don't always have time to sit down with researchers and experts from different departments within the company and talk about their research.

I would like to conclude my thoughts on the last day by saying that it was a very good mixture of presentations. Most of the presentations were relevant and brought up new ideas and new information which is good to share with the industry.

Just before the closing ceremony a panel discussion was held, moderated by Ryan Naraine. The other participants were Adrian Stone, Josh Shaul and Alain S. Zidouemba. This was a very relevant panel discussion about the value (and danger) of offensive security research and from time to time it was very lively.

I would like to thank everyone who attended my presentations, give all my new friends a thumbs up, and hope that maybe we will see each other at another Virus Bulletin conference.
