In the last days of May, the annual CARO (Computer Antivirus Research Organization) Network Threats Conference was held in Helsinki. Interestingly, last year's CARO'2009 was held in Budapest (Hungary). This reminded me of an old joke about the resettlement of the Finno-Ugric peoples: "those who could read went to the south-west." Nevertheless, Helsinki is a very interesting city for tourists, so the Russian representative office of ESET gladly sent its delegates to the conference (experts from other ESET offices were there too). The Finnish company F-Secure hosted the conference in 2010.

The title theme of CARO'2010 was “big numbers,” which was meant to point to the phenomenal number of current threats, both existing and re-emerging. Nevertheless, the majority of speakers, let's say, did not adhere to the topic very strictly. This, in general, is not surprising, because the main thing at a conference is to get time at the podium. And then people will listen :-) By the way, the talks themselves, despite departing from “big numbers”, were very interesting. I would especially like to mention the following presentations:
- “Indexing Large Volumes of Binary Content for Fast Search” by Tim Ebringer. The presentation dealt with the implementation of a system for quickly searching for sequences in binary files. In addition to theory, the speaker demonstrated results obtained on a real system.

- “Detecting malicious web pages with MonkeyWrench” by Armin Bucher, which introduced the MonkeyWrench system for detecting malicious activity on web pages. According to ESET virus analysts, the system is interesting, but, for example, Wepawet is still cooler. The MonkeyWrench sandbox is based on the principle of emulating various browser platforms. It also implements some heuristic approaches to recognizing shellcode sequences.

- “Virtual Machine Protection Technology and AV Industry” by Zhanxian Jima Wong (I apologize if I have transliterated the name incorrectly). An interesting presentation about the problems of analyzing virtualized code and possible approaches to solving them. True, the talk was somewhat difficult to follow because of the speaker's obfuscated Chinese English :-)

- “Anatomy of a Targeted Attack with Global consequences” by Christian Craioveanu, where, using the example of the sensational Aurora attack, the speaker talked about possible targeted attacks. Interestingly, this talk was one of the so-called "closed" ones, not intended for wide publicity, although the speaker did not reveal any secrets.

- A talk by Dr. Alan Solomon. This luminary of antivirus development fought the very first viruses with his own hands. Despite his age, Dr. Solomon told ... of course, the history of the emergence of various threats.

Summing up, we can say that the trip was a success.

It is a pity that such events, where you can meet so many interesting people and exchange practical experience with colleagues, are held so rarely. Although the participants are nominally business competitors, here they meet simply as fellow professionals working on a common task. There are no consumers whose attention has to be fought for. That is why the atmosphere remains friendly throughout the conference.