This week I’m writing to you from the Virus Bulletin conference in beautiful Berlin, Germany.
We have seven SophosLabs researchers all prepared to share their research and ideas with the world.
Our first paper (chronologically), “Back channels and bitcoins: ZeroAccess’ secret C&C communications”, will be delivered by James Wyke of SophosLabs UK.
Tomorrow Wyke will explain the rise and fall of illicit bitcoin mining as a profit tactic and the increasingly devious command-and-control methods being hidden inside everyday network traffic.
Next up is “Between an RTF and OLE2 place: an analysis of CVE-2012-0158 samples”, presented by Paul Baccas (independent) and Vanja Svajcer (SophosLabs).
Their research dives into the numbers behind the exploitation of CVE-2012-0158 and the challenges posed to anti-malware researchers due to the complexity of Microsoft file formats.
Rowland Yu of SophosLabs Australia kicks off Thursday’s talks with “GinMaster: a case study in Android malware”.
Yu will show how Android malware is advancing along a path parallel to, yet faster than, the one PC malware took in its early days. He will also highlight techniques used for obfuscation, detection evasion and even rooting victim devices.
Gabor Szappanos from SophosLabs Hungary is up next with his last-minute paper, “Hide and seek – how targeted attacks hide behind clean applications”, which delves into how attackers exploit legitimate applications to lend their trust to malicious ones.
Immediately following Szappanos, Sean McDonald (SophosLabs Australia) and Vanja Svajcer (SophosLabs Croatia) are presenting “Classifying Potentially Unwanted Applications in the mobile environment”, which Paul Ducklin described earlier this week.
The final paper is published, but the timing is a mystery. Numaan Huq and Peter Szabo from SophosLabs Canada had their paper, “Trapping unknown malware in a context web”, selected as a reserve paper to be presented by Huq.
Their research shows that when scanning the web for threats, context is everything. Huq and Szabo applied their techniques to a year’s threat data and found it improved the detection of zero-days, compromised sites and exploit kits.
If you are a malware research nerd, this is an exciting week. There is much work to be done to better protect ourselves and others.
If not, stop wasting so much time on sports, card games, time with your family, music, hunting, reading and exercising.
We need your help! If you can’t make it to Berlin, look into how you can help educate your friends and family during October, which is National Cyber Security Awareness Month.
Break a leg guys…