ESET at Virus Bulletin 2017

The annual Virus Bulletin International Conference (VB2017) takes place in Madrid, Spain this October and ESET will be well represented across the three-day event.

More than 400 delegates, including the world’s leading IT security experts, will be on hand to share their expertise, research, and predictions at the conference, which runs from 4-6 October.

Now in its 27th year, VB2017 will see eight members of the ESET team present on a wide range of topics over the three days.

Day 1

On Wednesday at 3pm in the Red room, Peter Kálnai and Michal Poslušný will be presenting their research on how browser attack points are still abused by banking trojans.

“With the ever-increasing use of banking-related services on the web, browsers have naturally drawn the attention of malware authors. They express an interest in adjusting the behaviour of the browsers for their purposes, namely intercepting the content of web forms, modifying server responses manifested as webinjects, and confirming validity of spoofed SSL certificates…

Later that Wednesday at 5pm, also in the Red room, ESET’s Global Security Evangelist, Tony Anscombe, will be presenting ‘A visit to the dark side’ — a talk that focuses on how difficult it is to acquire a customized malware strain that could be used to target businesses or consumers to gain money or personal data.

Day 1: About the speakers

Peter Kálnai is a malware researcher at ESET. He is interested in discovering and extending the features of Volatility Framework. He has actively participated in international conferences including Virus Bulletin, RSA Conference, CARO Workshop, Botconf, AVAR and cyberCentral.

Michal Poslušný is a malware analyst working at ESET, where he is mainly responsible for reverse engineering of complex malware threats. He also works on developing various internal projects and tools and is a co-author of ESET’s CrackMe used for hiring new talents.

Tony Anscombe: With over 20 years of security industry experience, Anscombe is an established author, blogger and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust, and internet safety. Anscombe has served on the board of MEF and FOSI and holds an executive position with the Anti-Malware Testing Standards Organization (AMTSO).

Day 2

On the second day of the conference, at 10am in the Green room, Filip Kafka will speak about FinFisher and the new techniques used to infect popular vectors. The infamous spyware FinSpy continues to be in active use in 2017, despite the fact that a lot of security experts have been monitoring the threat.

“The trojanized software is interesting, but this is something that has been done by other malware in the past; in fact, it is the most popular method of spreading Android malware. However, the key aspect of FinSpy’s new distribution mechanism is a unique way of serving the trojanized installers through a man-in-the-middle attack, which allows the operators to target specific victims…

Előd Kironský follows on from Filip at 11am in the Red room and will be talking about ‘Spora: the saga continues a.k.a. how to ruin your research in a week’, along with his former colleague at Avast, Jakub Kroustek. They will be focusing on the recent changes, depicting the new unique delivery mechanism, and visualizing shifts in its spread targeting.

ESET Senior Research Fellow David Harley will be speaking about his paper, ‘The (testing) world turned upside down’, at 11am. He will be re-examining some of the major points of the paper, such as the good, the bad and the ugly in early product testing and the slow-burn reaction of the security industry. Following the presentation, David will talk through the issues raised with the audience in a discussion led by AMTSO’s John Hawes.

The final ESET representatives to speak at Virus Bulletin 2017 will be Anton Cherepanov and Robert Lipovsky, who will be talking at 14.30 on Thursday in the Green room. The guys will be speaking about Industroyer: biggest threat to industrial control systems since Stuxnet.

Industroyer is the first ever malware specifically designed to attack power grids. Their presentation will cover a detailed study of Industroyer’s malicious payloads that directly interfere with the targeted industrial control system. They will also be discussing why they believe Industroyer can be considered the single biggest threat to industrial control systems since the Stuxnet worm.

Day 2: About the speakers

Filip Kafka is a malware analyst in ESET’s Malware Analysis Laboratory. His main responsibilities include detailed malware analyses and training new reverse engineers in the ESET Virus Lab, but his professional interests, as well as his latest research, focus on APTs.

Előd Kironský joined ESET in September 2017 as Head of Core Technology Development. His responsibilities include leading the development of detection technologies along with designing new features and improving the detection, performance and reliability of ESET products.

David Harley is a security researcher, author and editor. His academic background is in social sciences and computer science. VB2017 sees his 16th Virus Bulletin paper.

Anton Cherepanov graduated from the South Ural State University in 2009. Currently working at ESET as a malware researcher, his responsibilities include the analysis of complex threats. His research has been presented at numerous conferences, including Virus Bulletin, CARO Workshop, PHDays, and ZeroNights.

Robert Lipovsky is Senior Malware Researcher in ESET’s Security Research Laboratory, having worked for ESET since 2007. He is responsible for malware intelligence and research and leads the Malware Research team in Bratislava. He is a regular speaker at security conferences, including Virus Bulletin, EICAR, and CARO.

VB2017 will be one of the most interesting events of the year, and the three-day conference is packed with some great speakers and events that will keep those who attend both entertained and informed.

Author , ESET
