NEWS FROM THE LAB - Friday, December 12, 2008

Greetings from India! Posted by Mikko @ 13:48 GMT

AVAR 2008

The AVAR 2008 conference is in full swing in New Delhi. Almost all antivirus companies are represented in this global conference.

Recent terror attacks in India were fresh in memory and indeed the conference was started with one minute of silence to honor the victims.

The terror attacks had an indirect toll on the conference as well, as seven speakers had canceled their trips. The organizers were happy to get replacement talks from the brave Peter Szor (Symantec), Andrew Lee (K7) and Randy Abrams (ESET).

My keynote presentation covered the initiative for "Internetpol" — the need to get better global IT law enforcement in action to really focus on getting online criminals behind bars.

Photo by Luis Corrons / Panda Security

Other notable presentations included "Exploiting anti-virtualization techniques" by Andrew Lee. Many viruses won't execute if they detect the presence of a virtual machine. Andrew was using this feature against the malware itself by installing a fake VM on a real machine. As an end result, many types of malware wouldn't run at all. Neat.

Eugene Kaspersky also did an excellent overview of the worsening situation. He highlighted how criminals are using business models, except here, instead of B2B (business-to-business), we're now seeing C2C (criminal-to-criminal) models.

And Vincent Weafer from Symantec presented their latest research into underground IRC networks and how large-scale this is. Over a year, they monitored over 60,000 distinct advertisers on these boards, selling malware, botnets and stolen information.

Another interesting presentation was by Swanand Dattaram Shinde from India's Quick Heal. He spoke about how the local terrorist groups use the Internet for communication, recruiting and propaganda, and even to make online threats. No cases of real cyber-terrorism though.

And here's something you don't see every day. All electricity got shut down twice during the second day of the conference. Andrew Lee was on stage and he did not miss a beat. He simply raised volume and carried on…

Signing off,
