Battling Malware – A View From The Trenches
January 18th, 2006
11:00 a.m. – 4:00 p.m. Eastern Standard Time

11:00 a.m.   Welcome
             Moderator: Jeannette Jarvis
             Nortel (hosts): John Morris and Eric Kedrosky
             AVIEN Administrator: Robert Vibert

11:10–11:45  The Fog of War: Informational Challenges to Malware Defense and Incident Response
             Gaby Dowling, Sullivan & Cromwell
11:45–11:55  Q&A
11:55–12:00  Break

12:00–12:30  Spy-Where?
             Mary Landesman, About.com
12:30–12:40  Q&A
12:40–12:45  Break

12:45–1:15   Diagnostic Tools – The Next Stage
             John Alexander, Wells Fargo
1:15–1:25    Q&A
1:25–1:30    Break

1:30–2:00    Criminalization of Code
             Ken Dunham, VeriSign/iDefense
2:00–2:10    Q&A
2:10–2:15    Break

2:15–2:45    Mobile Threats
             Mikko Hypponen, F-Secure Corp.
2:45–2:55    Q&A
2:55–3:00    Break

3:00–3:30    Weapons of Bot Destruction: Conventional and non-conventional tactics to defend a network against an evolving threat
             John Morris and Eric Kedrosky, Nortel Networks
3:30–3:40    Q&A

3:45         Wrap-up
_____________________________
Abstracts:
Gaby Dowling, Sullivan & Cromwell
The Fog of War: Informational Challenges to Malware Defense and Incident Response
"War is the realm of uncertainty; three quarters of the factors on which
action is based are wrapped in a fog of greater or lesser uncertainty."
Carl von Clausewitz, "On War"
Ironically, while military strategists are looking to technological solutions
to address "the fog of war", informational problems that are not
readily solved by technology pose some of the most significant challenges to
malware defense and incident response today.
Some informational problems are obvious, such as the lack of exact details on
malware characteristics at the onset of a major outbreak. More insidious problems,
such as the inflation of minor vulnerabilities and the inflation of the abilities
of certain defense technologies, are also a critical piece of the problem.
This presentation will detail various aspects of these informational issues
and how, especially in combination, they play a critical role in undermining
both our defensive positions and remediation response.
_____________________________
Mary Landesman
Contact: mlande@bellsouth.net
Spy-where?
The very real problem that true spyware presents is compounded by the very
real problem that faulty spyware detection presents. Improper classification,
i.e. using the spyware moniker to designate lesser threats such as adware and
tracking cookies, poses unique challenges for both the home user and the enterprise
admin. In the case of the home user, an inability to interpret the results
properly often leads to a lack of trust in the vendors that report responsibly.
This, in turn, causes the user to abandon superior protection in favor of scanners
that alert often and use strong language in their reports. For the enterprise
admin, who generally possesses the knowledge to understand the subtleties of
these types of detection, the time spent deciphering the logs to separate out
actual threats can be costly. These costs are not confined simply to money
(i.e. loss of productivity) but also, and more importantly, to an increased
length of exposure.
This presentation will focus on the problems and challenges of proper detection
and proper classification, its impact on various user types, and its impact
on the scanning vendors.
_____________________________
John Alexander
Virus Support, Security Threat Assessment Team, Security Operations Center,
Wells Fargo
Diagnostic Tools: The Next Stage
Abstract:
While some antivirus vendors provide data-gathering tools for examining
suspect systems, the results those tools collect are often not made available
to the customer. Additionally, as many large companies know all too well,
one size often doesn't fit all. As we strive to protect our environments,
we are often left with the problem of making up the difference between what
the vendors provide and what we need. As a result, many companies have evolved
processes to complement their other security service providers. This presentation
will be a generalized discussion of one company's journey in developing an
in-house diagnostic tool: how, over time, in response to various threats and
new technologies, we've added elements to it; how we've trained our security
support staff in its use; and how we have purposed the tool, tested it, learned
its limitations, and continue to grow it.
_____________________________
Ken Dunham
Senior Engineer
VeriSign/iDefense Intelligence Team
Criminalization of Code
Motives behind malicious code attacks have changed dramatically in the past
few years. The days of notoriety and 15 minutes of fame are quickly fading
in light of attacks launched by criminals. Major geopolitical hotspots
include Russia, Brazil, India, and the Eastern European bloc. These hotspots
have emerged quickly in the past few years, heavily influenced by organized
criminal groups in each region, weak or corrupted law enforcement, and
depressed economies fueling illegitimate gain.
VeriSign iDefense will provide participants with a unique look into the criminal
incidents and trends that concern the major world governments and the biggest
F500 networks in the world. This presentation will give an overview of geopolitical
hotspots, how organized criminal groups are now impacting the malicious code world
in a big way, recent arrests and their impact, and what lies in store given
these recent criminalization-of-code trends.
_____________________________
Mikko Hypponen
Chief Research Officer
F-Secure Corp.
Mobile Threats
The first real viruses infecting mobile phones were found in late 2004.
Since then, dozens of different viruses have been found, most of them targeting
phones running the Symbian Series 60 operating system. Mobile phone viruses
use new spreading vectors such as multimedia messages (MMS) and Bluetooth.
This presentation will go through the developments so far and look into the
future of mobile viruses.
_____________________________
John Morris
Anti-Virus Team
Nortel Networks / Information Services
Weapons of Bot Destruction: Conventional and non-conventional tactics to defend
a network against an evolving threat
Bots are among the biggest security challenges facing corporate and governmental
networks. This presentation covers many battle-tested strategies and weaponry
for combating the bot armies on your network during an outbreak. It will cover
detection strategies, confirming infections, collecting samples, analyzing
a bot, threat remediation, and prevention.