Virus Bulletin 2008 Conference Review

As previously mentioned on this blog, I was going to attend the Virus Bulletin 2008 conference as just a delegate, for the very first time; I usually attend as a speaker. The conference was held at the Westin Ottawa, in Ottawa, Canada [surprisingly ;-)] between the 1st and 3rd of October.

However, I ended up being a speaker again, which I don't mind, but I was actually looking forward to having a more relaxed conference than I usually do, but that's life!



This posting is a quick review of the conference:

Day 1 - Wednesday 1st October 2008

The first day of the conference started at 10:30 with Helen Martin’s opening address, this was followed at 11:00 by the Keynote address "The AV industry: Quo Vadis?" presented by Alex Eckelberry of Sunbelt Software. This was a very interesting speech and contained lots of useful information, as well as a general overview of what the bad guys [and girls] are up to, as well as what the good guys [and girls] are up to.

You can find a recording of it here, along with the slides: http://sunbeltblog.blogspot.com/2008/10/virus-bulletin-2008-keynote-address.html

The final session on the Technical Stream before lunch was also interesting, a presentation by Morton Swimmer [who used to work for IBM] entitled:

• Towards integrated malware defence

It was a good presentation, however as Morton had moved to TREND just before the conference he no longer had access to all his data, which was a shame, as it seems to have been rather an effective solution.

Then it was time for lunch.

After lunch, the conference continued in its normal two stream mode; Corporate stream and Technical steam. Normally I spend most of the conference in the technical stream, and on this first day that was pretty much the case. I spent the whole afternoon in the Technical Stream.

The first two presentation after lunch were:

• Your computer is now stoned (...again!). The rise of MBR rootkit - Kimmo Kasslin, F-Secure
• When the hammer falls - effects of successful widespread disinfection on malware development and direction - Matt McCormack, Microsoft

The presentation given by Kimmo was esepcially interesting as it covered the rebirth of MBR infectors; something that had almost died out when Windows NT, 2000 and XP came along [yes there have been some MBR infectors for those, but not many, and not with stealth capability].

Then we had a short break for Tea and coffee before the attending the final pair of presentations on the technical stream. These were:

• Applying user-mode memory scanning on Windows NT - Eric Uday Kumar, Authentium
• Packer visualisation: a fast entropy scanning algorithm that preserves local detail - Li Sun, RMIT University

I decided to sit in on the vendor presentation after the days main proceedings, this was given by my good friend David Harley, from Eset.

Later we had the "Welcome drinks reception" which is a nice ice-breaker, especially for those that have not been to a VB Conference before as it is very informal and relaxed.

This was staged with a couple of Ice Hockey players; for those that wanted pictures, as well as a bit of fun from Ken Bechtel, who's hat did the rounds and photos were taken of those that ended up wearing it, including me. If you've ever met Ken, you'll know which hat I mean as he is rarely seen without it.

Day 2 - Thursday 2nd October 2008

Day two started early for me as I was informed when I arrived that I might be needed to present [I was the emergency reserve speaker; "in case of a missing speaker, break glass and grab Martin ;-)"], as one of the speakers for the morning session on the Technical Stream was unaccounted for; he never did turn up.

So, I had to go back to my hotel [I wasn't staying at the Westin], get changed, grab my laptop and get back to the conference by the morning tea break to check that my laptop worked fine with the projector, it did.

This meant that I effectively missed the first two presentations I had planned to attend, oh well.

To complicate matters, I was also supposed to be chairing the three sessions on the Corporate Stream between the morning tea break and lunch; which I couldn't now do, as I was presenting in the other stream at the same time. Luckily, my old friend from Nortel, John Morris, stepped into the void as the new session chair.

So after the morning tea-break I was back in the Technical Stream for the next three presentations, these were:

• The robustness of new email identification standards - Reza Rajabiun, COMDOM Software and York University
• Coordinated distributions method for tracking botnets sending out spam - Andrey Bakhmutov, Kaspersky Lab
• Malware forenscis: detecting the unknown - Martin Overton, IBM ISS

The presentation given by Andrey was extremely good, some excellent research which was well presented and explained. This led to a flurry of questions.

It seemed rather surreal when I gave my presentation, as it was designed for an audience on the Corporate Stream; so as an old English saying goes "it was like teaching my grandmother how to suck eggs". In other words the presentation was an overview of forensic techniques and tools for finding and analysing malware [known or new] on an infected system.

This was presented on the Technical Stream to about 70 or more of the worlds best malware researchers, hence my use of the saying.

The presentation was actually based on my EICAR 2008 paper which I was unable to present at the EICAR conference, ironically due to the fact I was tied up in a malware forensics case.

Then it was time for Lunch, not only to refuel with food, but also to discuss and digest what we'd seen so far.

I received some nice feedback from a few of those that sat in, and no awkward questions. In fact one of the guys who were running the audio-visual side of the conference said he thoroughly enjoyed my presentation and found it most useful and enlightening.

After lunch, once more I decided to sit in on the Technical Stream until the tea/coffee break, at least. The next four presentations, all last minute ones limited to 20 minutes each, were:

• VB testing - present status, future plans, John Hawes, Virus Bulletin
• Race to zero with online scanners, Boris Lau, Sophos
• There is (some) honour among South American authors of infostealer trojans!, Pedro Bueno, McAfee
• Apple iPhone programming with SDK, Marius van Oers, McAfee

This year these short technical presentation worked rather well, although it was hard for some of the presenters to keep to the 20 minute slot limit, yes, you know who you are.

Then it was time for another caffeine break ;-)

After the tea/coffee break I moved to the Corporate Stream as I was chairing the last two presentations on that stream, these were:

• The NorTel Mailer: effective open-source spam filtering for enterprises - Chris Lewis, Nortel
• SCADA security - who is really in control of our control systems? - Peter Allor, IBM

Both of these were very interesting presentations and it was a shame that so few delegates had decided to sit in on them.

Before the day was over we also had our first panel session, this was:

• The state of anti-malware testing

Later we had the "pre-dinner drinks and the Gala dinner and entertainment".

As always the food was excellent and the entertainment this year differed quite a bit, it was a quiz, which was fun but took longer than expected to complete. As one delegate was heard to say "we have travelled 3,500 miles for a pub quiz!". Personally, I enjoyed it, it just needed to be shorter.


Day 3 - Friday 3rd October 2008

The final day of the conference had arrived, I'm still not sure where the first two days had gone, but they sure went quickly!

As we started slightly later on the last day, to allow for those that had partied hard until the small-hours to get some sleep, and maybe quite a bit of black coffee, there was only a single presentation before the first coffee/tea break of the day. The one I decided to attend was on the Corporate Stream, again:

• Understanding and teaching bots and botnets - Randy Abrams, ESET

This presentation covered a topic that I had presented on back at VB2005 in Dublin, but from a high-level perspective and more focussed on how to educate staff about these threats via using robot vacum cleaners known as Roombas.

As usual Randy was both informative and entertaining.

So, another quick tea and coffee break and then back to the Technical Stream until lunch, these were the next presentations I sat in on:

• Automatic rules-based binary analysis with IDA Pro and CLIPS - Ryan Hicks, AVG
• Rebuilding testing for the future - Igor Muttik
• Samples.malware.org: sample sharing for the next decade? - Richard Ford, Florida Institute of Technology

All of these were very good and interesting talks and all generated lots of discussion and questions.

Then it was time for the final lunch of the conference, but before that, all the speakers had to get together for the traditional "Speakers Photo". As usual, much hilarity was had by all. However, I think I can honestly say that this years photo was the quickest ever as it took less than 5 minutes to organise all the speakers and take a number of photos.

After lunch I spent the first part of the afternoon on the Corporate Stream.These were the presentations I sat in on:

• Where do your users want to go today and can you stop them? - Bruce Hughes, AVG
• The name of the dose: does malware naming still matter? - Pierre-Marc Bureau and David Harley, ESET

Both of these were interesting and prompted a number of questions from the audience.

Then it was time for the final refreshments break. Yes, it was the very last VB2008 Tea and coffee break of the whole conference.

The final presentations of the day, and the conference, were straight after the break and I decided that I'd sit in on the last one on the Technical Stream again. This was:

• Darwin inside the machines: malware evolution and the consequences for computer security - Peter Ször, Symantec
  Dimitris Iliopoulos, Keck Graduate Institute of Applied Life Science

This was a very interesting presentation, basically saying that malcode could in theory evolve following Darwinian principles. Not sure that we will see such malware any time soon, as there are a number of things that need to happen first.

Although all the conference papers presentations had finished there was a very interesting and lively panel discussion on:

• Security in banking forum

Finally it was time for the Conference closing session, once more led by Helen Martin, the editor of Virus Bulletin.

It included the usual selection of scenic photos as well as general candid shots taken during the conference, including some 'comic' ones. This year it seemed to be another case of "I'm Sparticus", as a lot of people seemed to be wearing Ken Bechtel's hat, including me, and no it wasn't him in varying disguises either!

My final impressions of VB2008 are mixed; I enjoyed it, but I [and others who I chatted with] seem to think it may have lost its edge. Is this a case of becoming too commercialised or due to a lack of the usual swathe of quality research papers [which may be due to security companies cutting research budgets], or is it just a sign of the times as the marketplace has matured and that threats have now converged?

If you attended VB2008 and have an opinion, then please let me know your thoughts, thanks.

Copies of the slides used by the speakers during the presentations can be found here: http://www.virusbtn.com/conference/vb2008/slides

The full agenda for the conference can be found here: http://www.virusbtn.com/conference/vb2008/programme/index

Finally, if you are really curious and want something to put you to sleep, then you can also find a selection of scenic photos I took whilst in Ottawa, here: http://picasaweb.google.com/overtonm/OttawaCanada2008?authkey=SEeottY873o#

Well, that's another VB conference covered, I'm already looking forward to the possibility of attending next year, where it will be in Geneva, Switzerland at the end of September 2009. Right, now I need to find some ideas for a few abstracts to submit....any suggestions?

Virus Bulletin 2008 International Conference

Next week the Virus Bulletin International Conference is being held in Ottawa, Canada [1st to the 3rd of October]. This is the premier conference for people involved with fighting malware and related security threats. The programme can be found here.

This year I was going to be there just as a delegate; normally when I attend this conference I attend as a speaker, which means I have to write a paper and present it at the conference to an audience of 50-200 uber-geeks from various industries as well as the world's best malware researchers.  This can be pretty daunting! This will be my 11th Virus Bulletin Conference since my very first I attended and presented at back in 1996.

However, I've now been asked to be a reserve speaker, so I have to have a presentation ready, just in case I'm needed. The last time I was a reserve speaker it was for VB2002 which was held in New Orleans that year, and was nearly washed away by a hurricane! Needless to say, I ended up presenting my paper that year.

If any of you ready this are going to be there, then please feel free to stop me and have a chat, or just to say hello. I don't bite, honest ;-)

The presentation I am working on for the conference is to do with malware forensics, so it should be fun to do, as well as interesting for any audience I get; if I get to present it, that is.

As usual, I will write a short review of the conference, including what I personally found interesting, and may also post some mini-reviews and updates via Twitter.

If you can make it, then I hope to see you there; if not then stay tuned and I'll post a review as soon as I can.

American Airlines Survey

I'd like to start this post with an apology as I have been rather slack in posting for quite a few weeks now. This has been due to a number of issues beyond my control including yet another change in my role. I still hope to post material here as often as I can, but it probably won't be as frequent as it has been. So, to try and start the ball rolling once more I have the following phishy tale for you to enjoy.

Here's a new one I've not seen before, the following e-mail arrived in my 'Phish' inbox late last night [screenshot below]:



That's nice if I answer five questions in a simple survey I will get $50.....I smell a phish, so what do we see when I click on the link?



So, let me see what happens when I fill out the details with bogus data. First let me enter some bogus data for the AAdvantage number and password, and then click on go. This is where I'm taken too next



As you can see, I'm now asked for my Bonus Code and the rest of the page is the alleged survey. So, I'll fill this in, again using bogus data. Interestingly the Bonus Code is the same in all the copies I've received, to multiple e-mail honeypot addresses too. So, now all the data has been entered, let me click on the continue button and see where we go next.



Aha.....Just as I suspected, this is a phish, as it not only asks for personal details, it also wants credit card data, including the CVV and an ATM PIN number too. So, let me enter in some more bogus data and click on the continue button again.

The final page shown informs me that my data has been entered correctly [yeah right!] and that I should see my bonus of $50 on my credit card within 72 hours. More like my credit card will be misused or sold on to others to misuse within 72 hours!

For those of you who like the detail behind the web-page, here is a screenshot of the first page, showing that the actual page is being rendered from two other sites. You may also notice that this phishing site is hosted on Yahoo servers.



Here is a screenshot showing part of the whois record for the phishy domain being used as a front for this scam.



So, it seems that I was right to be suspicious, in fact a quick look at the link in the original e-mail made it obvious to me that this was a phishing scam.

The interesting thing about this Phishing attempt is that this is the first time I've seen one targeting an airline, in fact I'd go as far as saying that this may be a 'Spear Phishing' attempt as it seems to have been sent to a small number of people and in far smaller numbers that the more traditional bank phish I see day in and day out..

So, if you are an American Airlines customer be on your guard as it seems that the phishers are now spending significant amounts of their time to finely target their potential victims and try and get you to disclose your details....

As a final note, the Netcraft toolbar plugin which works with Internet Explorer and Firefox now has the domains used for this phish in their database. So, install it and use it, it could save you from making an expensive mistake!

FREE Anti-Virus Software...

I thought it is about time for me to cover this again due to the current world-wide credit crunch and fuel, power and food costs soaring. This means many people are looking for ways to cut costs; including costs for protecting their computers. FREE isn't a bad word, but the bad guys and girls have started to make it feel like it ought to be. The phrase Caveat Emptor [Let The Buyer Beware] seems to be more pertinent than ever.

What do I mean by "the bad guys and girls have started to make it feel that it ought to be"? Let me explain:

Look at these for examples of the rather naughty ways that the bad guys and girls are trying to get you to download and use their anti-virus:

First they try scare tactics:



Then they try a little more direct approach:



If you are foolish enough to go to the sites, then this is what you'd currently see:



Looks very professional, doesn't it? Hard to believe that this is a bad site! Want proof? OK, here it is:



That is the very same site [URL] but visited using Firefox 3.x instead.

But that isn't all, this site is also being promoted by a botnet called Asprox. This botnet searches for sites using SQL, and it then tries to run exploit code, which if successful, overwrites all URLs in the database with a single link. If this now 'bogus' link is clicked on a website using the SQL injected database for content, it starts a chain reaction, which often ultimately ends up either on the site shown above, or it may infect vulnerable systems using exploit code that was run as part of the chain reaction. This may include infecting your system and making it part of the Asprox botnet.

But there's more.....

Here's a screenshot of another e-mail I received recently:



The link, if foolishly clicked on, takes you here:



Does it look familiar?

Here's a screenshot of the source of the above page:



Notice how it uses the REFRESH function to popup a download of the executable they offer; no it isn't anti-virus software, it is actually malware!

So, who can you trust if you want FREE anti-virus software?

These are the FREE ones I'd personally recommend include:

• AVG


• Avast


• AntiVir

Please be aware that there are a number of 'bogus' anti-spyware tools out there too and probably even 'bogus' personal firewalls.

You can find all the links mentioned above, and other useful tools, etc. here.

At the end of the day to help keep you system free of net nasties and their kin, you need to ensure that you have a personal firewall, up to date anti-virus installed, anti-spyware tool(s) installed, and last but not least practice 'Safe-Hex'.

Computer problems are bad enough most of the time which means the following anti-stress kit might be useful? However once you add malware to the more usual computer problems it becomes a must have piece of kit, well it stops the common hair-loss normally associated with stress! ;-)





Hopefully, this posting will help you retain your sanity, or at least reduce the cranial damage you may do to yourself using the above anti-stress kit.

Be careful out there, the web is a dangerous place without suitable protection...

If any of you out there in blog land have other security software that you recommend then please feel free to drop me a line or leave the details in a comment.Thanks!

Phishing for Feedback?

According to the e-mail I received this morning HSBC have a customer survey they would like me to take.

For starters here's a screenshot of the e-mail I received:



I'm always willing to give feedback to companies I use, but I am not an HSBC customer, so let us see where we go when the link is clicked?



Looks like a normal survey so far, apart from the dodgy website address [IP dotted]. So let me fake some data and click on the submit button, here goes:



Ah, now I smell something very phishy indeed [even if I didn't before ;-)]. They want some account details; Ker-ching!

Oh, yes and there is no prize money, so don't expect to win, just like the fake lottery notifications that you get, it is just a scam.

Each phishing e-mail I receive is checked; all links are tested against the Netcraft toolbar, and any new ones, that the Netcraft toolbar doesn't yet know about are submitted for inclusion in their database. Nothing too unusual there. However, once in a while I spot something that makes a new phish stand out from the crowd, such as this one.

At the time I tested these links to the bogus [phishy] HSBC survey site it was not detected by the Netcraft toolbar, or even the Firefox anti-phishing functions which are now built into the browser. As I finish up writing this post Netcraft should now have it in their database as I sent them the details.

Just be careful when acting on requests for participating in surveys for companies you use, as they may be phishy and you may get more than you bargained for. In those phishy cases it is likely that your personal data will be stolen and used to make fraudulent transactions on your account.

EICAR 2008 Conference Paper Now Available

This is a quick update on my posting from yesterday, and to announce that the full paper for the EICAR 2008 conference which was held earlier this week is now available for download as a PDF [Adobe Acrobat] file.

To refresh you memories,here is the abstract from the paper, entitled "Where To Now: Detecting The Unknown":

The increasing speed of new malware strains being written and released means that security professionals are more likely than ever before to see new malware.

This means new malware which is not detected by the anti-malware solutions they have deployed in their infrastructure, be it workstation, server, PDA or at the gateway.

Imagine this scenario: An end-user calls the helpdesk and reports that their system is running very sluggishly when it wasn't a week ago and that they can't access the Windows 'Task Manager' or open a command prompt any more.

Is this caused by malware or is it a 'user' problem? The virus scanner is right up to date and active, and it says the system is clean, the personal firewall is active too. Where do you go from here? Investigate or rebuild the box?

How can you tell if the machine is clean or infected by a new malware, with a reasonable level of confidence for your conclusion?

This paper will look at what tricks, tools and techniques you can use to help establish the true state of the 'suspect' system. It will focus on a step by step approach of what tools to use, what to look for and what to do with any suspicious files. It will also discuss the use of forensic tools in such a scenario, as a last port of call.

The paper will draw on real scenarios where new [undetected] malware has been responsible for 'odd' system or network behaviour.

The paper can be downloaded via the following links:

• http://momusings.com/papers/EICAR2008-Where-To-Now-1.01.pdf


• http://momusings.co.uk/Documents/EICAR2008-Where-To-Now-1.01.pdf

As usual all feedback is most welcome.

No, I [Still] Haven't Fallen Off The Edge Of The World....

Or been kidnapped by aliens, gone over to the dark side or gone down with a virus [or should that now be malcode?].

It seems that about this time, every year, I end up writing a post like this, so here is this years version. ;-)

Sorry for the lack of blog entries over the last month or so, but I've been writing a conference paper for the EICAR international conference which is, as I write this, being held in Laval, France.

So, am I writing this blog entry from there? No, unfortunately not, let me explain...

Why am I not presenting my paper at EICAR 2008 in Laval, France? Why am I not there today?

Well, the decision was made that because we [the new team/service I'm part of] was in the middle of a major analysis of new malcode, and this was a very high priority. It was decided at a commercial level that it would be better if I were available at a moments notice if new samples were found that required immediate analysis. If I were in Laval, France I would be unable to work on live malcode and keep in contact.

So, I'd like to apologise once more to EICAR that I was unable to attend and present my paper at the conference. Hopefully, if the team I'm now part of is expanded this won't have to happen again. Anyone that attended EICAR will have still seen my paper presented, but by Eric Filiol [who does not work for IBM or ISS] instead. This was the best solution we could come up with at the last moment.

The paper will be made available later this week at the following locations*:

• http://momusings.com/papers


• http://momusings.co.uk/publications.aspx

Writing the paper for EICAR is only one of the reasons for my lack of posting, other changes have been afoot!

Firstly, I have moved to a new company, well sort of, I now work for Internet Security Systems, who as some of you may know were acquired by IBM a while ago. So, I now work for ISS, which is owned by IBM. However, my role has changed as I now work in the X-Force Professional Security Services section as a Malware Analyst and Consultant.

So, what does this new role involve?

The main part of it is malware analysis and reverse-engineering. So, in some ways I have stepped back in time to the sort of work I used to do when I wrote my own anti-virus detection and remediation tools [whilst I was working for another company]. However, the game has changed quite a bit since then; luckily my skills are not that rusty, so I have managed to get back up to speed very quickly. Other skills I have picked up and honed over the years will probably also be required for other parts of my new role; more on that another time.

However, that is not all that has kept me from posting recently, other things include:

• Lecturing at the University of Warwick on malware and internet security later this month, so my slides need to be updated and tweaked before then.


• Writing and submitting abstracts for this years Virus Bulletin conference to be held in Ottawa, Canada this year.


• Building systems and finding/creating tools to help in the analysis of new samples, they just keep coming!


• Working very long hours on malcode analysis.

Normal, [once or twice a week postings] service will be resumed as soon as I can find that elusive 25th hour in the day, or I decide to give up trying to get any sleep at all!



* All my published papers and articles can be found at those web addresses.

Paper Selected For The EICAR 2008 Conference

EICAR have informed me that my abstract has been selected for the EICAR 2008 conference to be held in Laval, France between the 3rd and the 6th of May.

The abstract for the paper appears below:

The increasing speed of new malware strains being written and released means that security professionals are more likely than ever before to see new malware.

This means new malware which is not detected by the anti-malware solutions they have deployed in their infrastructure, be it workstation, server, PDA or at the gateway.

Imagine this scenario: An end-user calls the helpdesk and reports that their system is running very sluggishly when it wasn't a week ago and that they can't access the Windows 'Task Manager' or open a command prompt any more.

Is this caused by malware or is it a 'user' problem? The virus scanner is right up to date and active, and it says the system is clean, the personal firewall is active too. Where do you go from here? Investigate or rebuild the box?

How can you tell if the machine is clean or infected by a new malware, with a reasonable level of confidence for your conclusion?

This paper will look at what tricks, tools and techniques you can use to help establish the true state of the 'suspect' system. It will focus on a step by step approach of what tools to use, what to look for and what to do with any suspicious files. It will also discuss the use of forensic tools in such a scenario, as a last port of call.

The paper will draw on real scenarios where new [undetected] malware has been responsible for 'odd' system or network behaviour.

All I have to do now, is carry out all the required research and write the paper; should only take me about 3 months. However, as usual they need the completed paper by the 17th of March!

I've several other ideas for abstracts already sketched out ready for to submit for this years Virus Bulletin conference. Any topics that you think should be covered are most welcome, just drop me a note or leave a comment.

Birds of a Feather...

No this isn't about either the feathered sort of 'Birds', or anything to do with the fairer sex [colloquially known as 'Birds' in some parts of the world], nor am I going to blog about the famous Alfred Hitchcock movie. This posting is about a recent book I reviewed for Virus Bulletin which was written by members of AVIEN* [do you get the 'Birds' reference now? ;-)]

Here's a snippet from the review I wrote:

"The AVIEN Malware Defense Guide has been written by members of the AVIEN/AVIEWS online communities with the aim of passing on knowledge that they believe will be both interesting and useful to those involved in the real-world battle against malware in organizations.

The cover of the book claims that it will 'stop the stalkers on your desktop' and also provide:

• Complete coverage of the relationship between enterprise security professionals, customers, vendors and researchers.


• In-depth consideration of key areas of the 21st century threat landscape.


• System security and DIY defence using a range of specialist detection and forensic techniques and tools.

Meanwhile, the back cover states: 'AVIEN members represent the best-protected large organizations in the world, and millions of users. When they talk, security vendors listen: so should you.' So, after making such a bold statement, does the book deliver on the promises it makes?"

And here's another snippet:

"My overriding impression is that this book is very well written; the whole book comes together and flows very well – which can be a difficult feat when a book has several different contributors.

The book eases the reader in gently, starting with non-technical chapters and building to some very technical ones towards the end of the book.

The pedigree and diversity of the contributors involved in this book makes it a very readable, informative, and accurate reference guide for all interested parties, be they new to the fight or old hands.

The book delivers on many of the promises it made. In fact, I would say that this is the best general malware/anti-malware book currently available, and it should be a mandatory read for anyone new to computer security in general, and anti-malware specifically."

Here's a link to the complete book review I wrote: [PDF format]

So, if you are hunting for a perfect present for the security professional in your life, or just for yourself, then this book may be just what you/they always wanted...

If you want to buy the book or to see other reviews, then feel free to click on the relevant link below:

UK LINK US LINK

As usual all my other published articles and papers can be found here or here.

* Yes, I know that this isn't spelt the same way as AVIAN, but please let me have a little poetic license ;-)