Virus Bulletin 2012 – Day 3 – The final chapter

Virus Bulletin 2012 is now over, and the final chapter from this year's conference needs to be written. Almost all of the participants have packed their bags and gone home. This event was three action-packed days containing everything from discussions about cyber war and interesting meetings with fellow researchers to presentations about Indian phone scammers. I am now sitting here writing the last blog post about the Virus Bulletin 2012 conference in Dallas.

This is my second Virus Bulletin, and just like last time it gave me the opportunity to network with fellow researchers, but this time I also presented my own research. Vicente Diaz wrote about the second day at VB, and he included some pictures from my presentation on Malware against Linux and the Attackers' Automated Tools – check out the pictures here. During my presentation I also had a 30-minute live demo where four people from the audience helped me identify vulnerabilities and exploit them using the same techniques as the bad guys use. The demonstration also included automated scripts for backdooring and bypassing security mechanisms within the Linux operating system.

The last day was, in my view, one of the best, because by this time we had had the chance to get familiar with everyone at the conference, and it also included some very good presentations. I had the opportunity to attend the following presentations:

  • Using an expert system to provide automated malware analysis for non-experts.
  • Correlating sentiments and topics with spam waves on social networks.
  • Anatomy of Duqu exploit.
  • Security ramifications of Windows Kernel Patch Protection.
  • My PC has 32,539 errors: how telephone support scams really work.
  • Cyberwar: reality, or a weapon of mass distraction?

After listening to all these nice presentations I decided to write down some of the conclusions instead of all my personal thoughts. Three interesting conclusions that emerged from both the presenters and the Q&A with the other people in the audience were:

  • Performing a deep analysis of malware is expensive!
  • Microsoft Scammers may earn more than $350 000 USD per day!
  • Cyberwar is a hot topic!

It was very interesting to see other people from Kaspersky Lab presenting their research. Even working for Kaspersky Lab, we don't always have time to sit down with researchers and experts from different departments within the company and talk about their research.

I would like to conclude my thoughts on the last day by saying that it was a very good mixture of presentations. Most of the presentations were relevant and brought up new ideas and new information that is good to share with the industry.

Just before the closing ceremony a panel discussion was held, moderated by Ryan Naraine. The other participants were Adrian Stone, Josh Shaul and Alain S. Zidouemba. This was a very relevant panel discussion about the value (and danger) of offensive security research and from time to time it was very lively.

I would like to thank everyone who attended my presentations, give all my new friends a thumbs up, and hope that maybe we will see each other at another Virus Bulletin conference.
