Talking malware and spam at the AVAR 2010 Conference, Bali

The 13th AVAR Conference (Association of Anti Virus Asia Researchers) was held last week in Bali, Indonesia, on November 17-19, 2010, which was lucky for me and the others who were attending. (There’s a reason why they call it the “island of God”...)

The AVAR Conference is an opportunity to connect with some of the world’s leading IT security experts, and attend some carefully selected talks on a variety of associated topics.

Sophos was at the AVAR Conference of course, and I gave a talk about the evolution of spam, how Sophos defends against the threat, and some predictions of how spam might change in the foreseeable future in my presentation entitled “Is Spam Dying?”.

With the introduction of a number of new and sophisticated anti-spam approaches such as sender reputation and content filtering, the catch rate for spam has risen higher and higher over the last few years.

Moreover, several significant events, including the takedown of McColo and the implementation of a new policy by CNNIC, directly or indirectly led to a huge drop in spam volume for a while.

As a result, some people began to say that the spam problem was over. However, as I hope my paper demonstrated, spam has evolved in the last three years and security companies have had to respond appropriately.

There’s certainly plenty of evidence of the resilience and vitality of spammers.

My belief is that spammers aren’t going away anytime soon – and they will definitely be a permanent fixture for as long as money can be easily made via spam.

There were many other interesting presentations that I attended; here’s a quick snapshot of some of my highlights:

Denis Maslennikov of Kaspersky Lab gave a talk entitled “Getting rich with mobile malware: the how, the where, and the $$$”, which described a significant growth in malware for mobile phones in the last two years and demonstrated how these programs make cash by sending SMS messages or dialing premium rate numbers.

Microsoft’s Scott Molenkamp presented a paper called that took a look at two well-known affiliate downloaders, W32/Bredolab and W32/Oficla, and how they are distributed via the black market.

I also greatly appreciated “Surviving Targeted Attacks: Beyond Today and Tomorrow” – a paper by Kaspersky’s Stefan Tanase and Costin Raiu – which reminded delegates that instead of spamming out tens of thousands of malware programs, a highly sophisticated targeted attack can result in the theft of money and is likely to become a more mainstream attack in the future.

You can view the seminar program, including abstracts of each presentation, online.