It's that time of year. That is, the time for two of my favourite security conferences: Virus Bulletin and AVAR.
Sadly, I’m unable to attend the 2014 Virus Bulletin conference, taking place in Seattle 24th-26th September, but there’s a healthy sprinkling of ESET researchers on the programme, which now includes information on the seven last-minute presentations.
On Wednesday 24th at 11.30, ESET Canada’s Pierre-Marc Bureau co-presents a paper with Evgeny Sidorov and Konstantin Otrashkevich from the Yandex Safe Search team on Ebury and CDorked. Full disclosure: this is an area ESET research blogging has focused on for quite a while.
Also on Wednesday, at 14.30, ESET Canada researcher Jean-Ian Boutin presents his paper about The evolution of webinjects. And at 17.00, Matias Porolli and Pablo Ramos deliver a presentation about Brazilian malware trends: CPL in the spotlight.
On Thursday 25th at 12.00, it’s the turn of Robert Lipovsky and Anton Cherepanov with their last-minute paper on Back in BlackEnergy: 2014 targeted attacks in the Ukraine and Poland.
And among the four reserve papers you’ll find Bootkits: past, present & future, written by ESET’s Eugene Rodionov, Intel’s Aleksandr Matrosov (formerly of ESET), and myself: this is my 15th Virus Bulletin conference paper. :) Because it’s a reserve paper, it’s not in the programme, but if needed, it will be presented by Eugene and Alex. It’s partly based on research for their forthcoming book on bootkits, to which I’m delighted to be making a small contribution.
There are, of course, lots of other presentations I’d love to have heard: here are just a few of those that strike me as being particularly interesting:
- Malware Investigator by the Federal Bureau of Investigation’s Jonathan Burns
- The three levels of exploit testing by Richard Ford and Marco Carvalho (Florida Institute of Technology)
- Tech Support Scams 2.0: an inside look into the evolution of the classic Microsoft tech support scam by Jérôme Segura (Malwarebytes)
- Microsoft Anti-Virus - extortion, expedience, or the extinction of the AV industry: the jury has reached a verdict by my one-time colleague and frequent co-presenter, Randy Abrams (NSS Labs)
- Inevitably, a couple of Apple-related presentations: Methods of malware persistence on Mac OS X by Synack’s Patrick Wardle, and Apple without a shell - iOS under targeted attack by FireEye’s Tao Wei, Min Zheng, Hui Xue and Dawn Song
- And two very different presentations from Kaspersky: How I hacked my own house! by David Jacoby and OPSEC for security researchers by Vicente Diaz and Dani Creus
This is the first time I’ll have missed a VB since 2007 (I have been to 14 since 1996, though, so I can’t complain too bitterly), and I’ll miss the face-to-face contact with all my friends inside and outside the security industry (not to mention the VB team), but I hope to make the next one in 2015. And I am looking forward to my first AVAR in several years. Again, ESET will be well-represented.
- Peter Kosinar presents his paper on Stealing the internet, one router at a time
- Sébastien Duquette presents his paper on Exploitation of CVE-2014-1761 in targeted attack campaigns
- I’ll be presenting my paper with Sebastian Bortnik on Lemming Aid and Kool Aid: Helping the Community to help itself through Education
Unfortunately, there are no abstracts to link to at the moment, but there will be plenty of speakers there from other sectors of the security community who can be relied on to deliver good presentations.
*Yes, it's another fruitful Harley pun.
David Harley
ESET Research Fellow