No, I [Still] Haven't Fallen Off The Edge Of The World....

Or been kidnapped by aliens, gone over to the dark side or gone down with a virus [or should that now be malcode?].

It seems that about this time, every year, I end up writing a post like this, so here is this years version. ;-)

Sorry for the lack of blog entries over the last month or so, but I've been writing a conference paper for the EICAR international conference which is, as I write this, being held in Laval, France.

So, am I writing this blog entry from there? No, unfortunately not, let me explain...

Why am I not presenting my paper at EICAR 2008 in Laval, France? Why am I not there today?

Well, the decision was made that because we [the new team/service I'm part of] was in the middle of a major analysis of new malcode, and this was a very high priority. It was decided at a commercial level that it would be better if I were available at a moments notice if new samples were found that required immediate analysis. If I were in Laval, France I would be unable to work on live malcode and keep in contact.

So, I'd like to apologise once more to EICAR that I was unable to attend and present my paper at the conference. Hopefully, if the team I'm now part of is expanded this won't have to happen again. Anyone that attended EICAR will have still seen my paper presented, but by Eric Filiol [who does not work for IBM or ISS] instead. This was the best solution we could come up with at the last moment.

The paper will be made available later this week at the following locations*:

• http://momusings.com/papers


• http://momusings.co.uk/publications.aspx

Writing the paper for EICAR is only one of the reasons for my lack of posting, other changes have been afoot!

Firstly, I have moved to a new company, well sort of, I now work for Internet Security Systems, who as some of you may know were acquired by IBM a while ago. So, I now work for ISS, which is owned by IBM. However, my role has changed as I now work in the X-Force Professional Security Services section as a Malware Analyst and Consultant.

So, what does this new role involve?

The main part of it is malware analysis and reverse-engineering. So, in some ways I have stepped back in time to the sort of work I used to do when I wrote my own anti-virus detection and remediation tools [whilst I was working for another company]. However, the game has changed quite a bit since then; luckily my skills are not that rusty, so I have managed to get back up to speed very quickly. Other skills I have picked up and honed over the years will probably also be required for other parts of my new role; more on that another time.

However, that is not all that has kept me from posting recently, other things include:

• Lecturing at the University of Warwick on malware and internet security later this month, so my slides need to be updated and tweaked before then.


• Writing and submitting abstracts for this years Virus Bulletin conference to be held in Ottawa, Canada this year.


• Building systems and finding/creating tools to help in the analysis of new samples, they just keep coming!


• Working very long hours on malcode analysis.

Normal, [once or twice a week postings] service will be resumed as soon as I can find that elusive 25th hour in the day, or I decide to give up trying to get any sleep at all!



* All my published papers and articles can be found at those web addresses.