The paper that Larry Bridwell and I presented at this year's Virus Bulletin Conference is now up on the ESET white papers page by kind permission of Virus Bulletin, who hold the copyright: Daze of Whine and Neuroses
Summary: "The Anti-Malware Testing Standards Organization (AMTSO) has shaken up the AV testing world and attracted much controversy. But has it outlived its usefulness? And what is the future of detection testing?"
Two presentations by Eugene Rodionov and Aleksandr Matrosov have also been added:
- Modern Bootkit Trends: Bypassing Kernel-Mode Signing Policy, which they presented at Virus Bulletin, continues their consideration of modern bootkit techniques for evading kernel-mode code signing policy, as applied to malware currently in the wild.
- Defeating x64: Modern Trends of Kernel-Mode Rootkits is a presentation for the Ekoparty 2011 conference in Buenos Aires, looking in detail at the ways in which rootkit and bootkit authors try to evade kernel-mode code signing policy in 64-bit Windows versions.
Another of my articles for SC Magazine's Cybercrime Corner was published during the conference, though it has nothing to do with the conference itself: The art of cyberwar is about a fascinating interview with Major General Jonathan Shaw.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow