Virus Bulletin 2007 Abstract Selected

Virus Bulletin have just informed me that my abstract entitled: 'The Journey So Far: Trends, Graphs and Statistics.' has been selected for the Virus Bulletin 2007 international conference to be held from the 19th to the 21st September 2007 at the Vienna Hilton, Vienna, Austria.

The abstract for the paper appears below:

Abstract:
This paper will discuss the observed trends that have emerged since the start of the malware problem on DOS and Windows and how things have changed over the years.

The paper will discuss examples of the following:

• Malware types.


• Targets; file formats and operating systems.


• Obfuscation and related tricks and counter techniques.


• The use of social-engineering by malware authors.


• The cat and mouse game between the malware authors and vendors.


• The challenges of classification of malware.


• Changes in motivations.

The paper will discuss the changes witnessed in the malware/anti-malware arena seen since the start of it all with Brain. This will cover the emergence of stealth, polymorphism, macro and script malware and go on to cover the growth of mass-mailing worms, bots and the rebirth of stealth as rootkits.

This paper will include clear trend analysis showing the major shifts in malware over the years using a consistent data source which I have compiled. Key shifts from both sides of the problem will be covered, such as polymorphism [including TPE and DAME] and the resulting move to emulation and generic decryption to counter the threat. The growth in the use of packers, compressors and social engineering will also be covered.

Finally, the paper will cover the change in motivation for the malware authors, not just covering the excuses/reasons that they offer, but also the real reasons. It will also cover the changing landscapes of types or malware used and the now often confused classification situation.

I haven't blogged about this until now as I wanted to make sure I had approval for not only writing the paper, but also attending the conference and getting approval for the travel, hotel and other expenses. Also, VB contacted me rather late as they have asked me to be a reserve speaker. Last time I was a reserve speaker for them was back in 2003, in New Orleans, and I ended up presenting anyway due to a hurricane causing chaos. Hopefully, we won't see a hurricane, or any other disaster in Vienna?

All I have to do now is carry out all the required research and write the paper, piece of cake, NOT!

This will be the tenth time I've written a paper for the Virus Bulletin International Conference. I've also written a number of articles for the Virus Bulletin periodical as well, including a book review which is published in this months edition [June 2007].

The value to me personally in attending this conference is the knowledge I gain each and every time I attend, that in itself is priceless. It is also a chance to finally meet some of the people I converse with via e-mail, and catch up with like minded people I've met before, some of whom I would now consider to be friends.

If you have never been to a Virus Bulletin conference and you work in the information security field, then it is about time you did, you won't regret it!

The full paper will be made available after the conference. I'll post an announcement here shortly after the conference has finished.