[real-eyes] MalCon: A Call for ‘Ethical Malcoding’
- From: Steven Clark <kcpadfoot@xxxxxxxxx>
- To: real-eyes@xxxxxxxxxxxxx
- Date: Tue, 24 Aug 2010 11:36:59 -0500
The following is from www.krebsonsecurity.com
MalCon: A Call for ‘Ethical Malcoding’
I was pretty bummed this year when I found out that a previous
engagement would prevent
me from traveling to Las Vegas for the annual back-to-back
Black Hat and Defcon
security conventions. But I must say I am downright cranky that I will
be missing
MalCon
, a conference being held in Mumbai later this year that is centered
around people
in the “malcoder community.”
malcon
According to
the conference Web site
, MalCon is “the worlds [sic] first platform bringing together Malware
and Information
Security Researchers from across the globe to share key research
insights into building
the next generation malwares. Spread across the world, malcoders now
have a common
platform to demonstrate expertise, get a new insight and be a part of
the global
MALCODER community. This conference features keynotes, technical
presentations, workshops
as well as the EMERGING CHALLENGES of creating undetectable stealthy
malware.”
The
call for papers
shows that this security conference is encouraging malware writers of
all shapes,
ages and sizes to bring and share their creations. “We are looking for
new techniques,
tool releases,unique research and about anything that’s breath-taking,
related to
Malwares. If your presentation, when given with all its valid
techno-Jargon can give
our moderators a head-ache, you are right up there. The papers and
research work
could be under any of the broad categories mentioned below. You can
submit working
malwares as well.”
Among the “malwares” encouraged are novel phishing kits, botnets and
mobile phone-based
malware, malware creation tools, cross-platform malware infection
techniques, and
new malware self-defense mechanisms, such as anti-virus exploitation
techniques.
At first, I didn’t know what to make of this conference, which was
initially brought
to my attention by a clueful source in the botnet underground. My
hoaxmeter went
positively bonkers after I pinged both of the e-mail addresses listed on
the site
and each e-mail bounced.
But then I caught up with
Rajshekhar Murthy
, the coordinator for the conference. Murthy said MalCon will be hosted
on Dec. 3
in Mumbai, and then again on Dec. 5 at the
Clubhack 2010 conference
in Pune, India, which has apparently attracted oft-quoted security expert
Bruce Schneier
as a leading speaker.
Murthy confirmed that the idea behind the conference was indeed to
attract malware
writers.
“You are right, the major goal of the conference is to encourage and
foster the creation
of malcode. But it is done for all the good reasons,” Murthy wrote in an
e-mail to
KrebsOnSecurity.com. “There are only a handful companies that dominate
and sell Anti-malware
/ Anti-virus programs, compared to a huge number of malcoders who
release a million
new malwares every year. The approach to the problem is always
“Reactive” and is
done if the malcode is detected in time.”
Murthy continued: “While a conference can be done by inviting the best /
well known
security experts who can share statistics, slides and ‘analysis’ of
malwares, it
is not of any benefit to the community today except that of awareness.
The need of
MalCon conference is bridge that ignored gap between security companies
and malcoders.
They have to get on a common platform and talk to each other. Just like
the concept
of ‘ethical hacking’ has helped organizations to see that hackers are
not all that
bad, it is time to accept that ‘ethical malcoding’ is required to
research, identify
and mitigate newer malwares in a ‘proactive’ way.”
For his part, Schneier said he does not agree with the idea that better
malware is
needed to fine-tune computer security tools.
“The bad guys produce more than enough malware to stimulate research,”
Schneier wrote
in an e-mail.
At any rate, it’s time to get working on your malwares already, people!
Final papers
are due Nov. 10. Oh, and if anyone decides to go and can snag me a
T-shirt from the
con, I’m an extra large.
This entry was posted on Tuesday, August 24th, 2010 at 1:04 am
To subscribe or to leave the list, or to set other subscription options, go to
www.freelists.org/list/real-eyes
Other related posts:
- » [real-eyes] MalCon: A Call for ‘Ethical Malcoding’ - Steven Clark
