More Information
- Security Intelligence Report v7 is Now Available
- SIR Volume 7 (January through July 2009) and Key Findings Summary (available in 10 languages)
First published: 24th November 2009
Allan Dyer
The twelfth Anti Virus Asia Researchers Annual Conference took place in Kyoto, Japan on the 5th and 6th November. The conference had about 300 attendees, including many of the best-known names in the Anti-Virus industry. The importance of the event was underlined by a keynote speech from Seishu Makino (牧野聖修), member of the House of Representatives of the National Diet of Japan (国会).
Jimmy Kuo of Microsoft presented the Key Findings from Microsoft's recently published Security Intelligence Report covering the first half of 2009. The data is, arguably, the largest dataset of Windows malware information, coming from Microsoft's various security tools, protected web mailboxes and scanned webpages. Miscellaneous trojans (including rogue security software) remained the most prevalent category, but worms and password stealers also rose in prevalence. Asia was a hot area for malware distribution sites.
A major theme was the enormous numbers of new malware (about 2 million unique sample files a month, according to one developer, and 1883 new threats an hour, according to another), and how to deal with that. Andrew Lee discussed "Threat for a Day", and how the fast appearance and disappearance of threats required a paradigm shift in our approach. Several papers looked at automated processing of malware: "MCNS: Intelligent Malware Categorization and Naming System" by Yangang Ye, Winming Mei and Renchang Pang; "Feature Extraction, Classification and Learning for Malware Codes" by Kazuki Iwamoto.
Several technical papers examined the tricks used by malware authors: Jie Zhang looked at scramblers, Masaki Suenaga considered Win32 API obfuscation and Satyendra Teppalavalasa discussed PDF attacks.
But not all tricks are technical: Stefan Tanase compared social networking to viruses, and explained the types of attack becoming prevalent on Facebook, Twitter and other social networking sites, and Shin-ichiro Kagaya explained the development of "One-click Billing Fraud", a trick peculiar to Japan that uses embarrassment to discourage reporting of fraudulent websites. Katsuyuki Okamoto took the Web 2.0 thread to the detection side and discussed correlation in the cloud.
It is not only developments by the bad guys that can cause problems for AV software. Abhijit Kulkarni and Prakash Jagdale looked at Windows Vista's Transactional NTFS (TxF), and how that can prevent a real-time Anti-Virus scanner from detecting a virus being written to a file. For virtual environments, Shuveb Hussain showed how to achieve Hypervisor Security.
Prompted by Dr. Cohen's soundbite at the EICAR conference that viruses and malware will become the preserve of nation states and will be considered munitions, and related news, such as "cyberwar" in Estonia and Georgia, and calls for an "Internetpol", I moderated an interesting panel on Government Involvement in Anti-Virus with Vincent Weafer, Dmitry Gryaznov, David M. Perry, Randy Abrams and J. Kesavardhanan. The quote of the panel, neatly summarising the consensus that while improved cooperation between Government, the AV industry and users is important, it is clearly infeasible to regulate malware like tanks, was by David Perry, "I don't know what [Dr. Cohen] was smoking that day".
Another question is how to test AV as it changes to meet tomorrow's challenges. Wei Yan presented a methodology to credit AV products that use web reputation services to protect against web threats.
Ian McMillan reported on the continued development of Microsoft's Automated Scanning Service, which has the twin goals of zero malware, and minimising false positives in Microsoft's product releases.
On day two, Suguru Yamaguchi gave a Keynote on Information Security in the time of "Complexity". Hidehiro Yajima then moderated a panel comprised of Masanori Saito, Masayasu Nakano and Yasuhide Yamada discussing Information Security policy in Japan.
A new feature of this year's conference was the Gallery Sessions, which ran parallel to the main stream, in a more relaxed, smaller setting, but without simultaneous translation. Several of the Gallery Sessions were workshops or tutorials.
The Gala Dinner was an excellent Japanese banquet, with Maiko (舞子) dancing and a very energetic drum and flute performance.
The AVAR2010 conference will take place in Bali, Indonesia.