The first AVIEN Virtual Conference, "Battling Malware: A View from the Trenches", was a resounding success. Our speakers came from 3 countries, and 156 people across 14 countries attended the live presentations. The comments that were sent in were almost uniformly positive on all fronts.

Attendees particularly appreciated the "diversity of topics and perspectives given." Sherry Ghafarpour of Radialpoint, a new AVIEN member, wrote:

"Congratulations guys! You were right on! The conference was right on target; the technical information was at a level that was both valuable and comprehensible. The presenters, each an expert in their domain, were willing and happy to share information and passionate about the industry problems. The virtual atmosphere was comfortable and the presentations were interesting to listen to.

The well-organized format of the conference allowed the participants to get maximum use of their time, and at the same time enjoy and absorb the materials.

Altogether, this conference was more productive compared to many other non-virtual conferences that I attended in the past. I encourage the organizers and the presenters to continue their hard work; as a participant, I definitely appreciate their efforts. Many thanks!"


Battling Malware

A View From The Trenches
January 18th, 2006


In case you missed them (or just wanted to revisit them), the recorded presentations are now available.

Links to each presentation are below. The content will be available for six months from the last time it is viewed. Please note that you will need RealPlayer to access the content.

Welcome

Moderator: Jeannette Jarvis
Nortel (hosts): John Morris and Eric Kedrosky
AVIEN Administrator: Robert Vibert

The Fog of War: Informational Challenges to Malware Defense and Incident Response
Gaby Dowling, Sullivan & Cromwell
Spy-Where?
Mary Landesman, About.com
Diagnostic Tools – The Next Stage
John Alexander, Wells Fargo
Criminalization of Code
Ken Dunham, VeriSign/iDefense
Mobile Threats
Mikko Hypponen, F-Secure Corp.
Weapons of Bot Destruction: Conventional and non-conventional tactics to defend a network against an evolving threat
John Morris and Eric Kedrosky, Nortel Networks


Abstracts:

Gaby Dowling
Sullivan & Cromwell

THE FOG OF WAR: Informational Challenges to Malware Defense and Incident Response

"War is the realm of uncertainty; three quarters of the factors on which action is based are wrapped in a fog of greater or lesser uncertainty."
Carl Von Clausewitz, "On War"

Ironically, while military strategists are looking to technological solutions to address "the fog of war", informational problems that are not readily solved by technology pose some of the most significant challenges to malware defense and incident response today.

While certain informational problems are more obvious, such as lack of exact details on malware characteristics at the onset of major outbreaks, more insidious problems such as the inflation of minor vulnerabilities as well as the inflation of the abilities of certain defense technologies are also a critical piece of the problem.

This presentation will detail various aspects of these informational issues and how, especially in combination, they play a critical role in undermining both our defensive positions and remediation response.

Mary Landesman
About.com

Spy-where?

The very real problem that true spyware presents is compounded by the very real problem that faulty spyware detection presents. Improper classification, i.e. using the spyware moniker to designate lesser threats such as adware and tracking cookies, poses unique challenges for both the home user and the enterprise admin. In the case of the home user, an inability to interpret the results properly often leads to a lack of trust in the vendors that are reporting responsibly. This, in turn, causes the user to abandon superior protection in favor of scanners that alert often and use strong language in their reports. For the enterprise admin, who generally possesses the knowledge to understand the subtleties of these types of detection, the time spent deciphering the logs to separate out actual threats can be costly. These costs are not confined simply to money (i.e. loss of productivity) but also extend (more importantly) to an increased length of exposure.

This presentation will focus on the problems and challenges of proper detection and proper classification, its impact on various user types, and its impact on the scanning vendors.

John Alexander
Virus Support, Security Threat Assessment Team Security Operations Center, Wells Fargo

Diagnostic Tools: The Next Stage

While some antivirus vendors provide data-gathering tools for examining suspect systems, often these tools' results are not made available to the customer. Additionally, as many large companies know all too well, one size often doesn't fit all. As we strive to protect our environments, we are often left with the problem of making up the difference between what the vendors provide and what we need. As a result, many companies have evolved processes to complement their other security service providers. This presentation will be a generalized discussion of one company's journey in the development of an in-house diagnostic tool: how, over time, in response to various threats and new technologies, we've added elements to it; how we've trained our security support staff in its use; and how we have purposed the tool, tested it, learned its limitations, and continue to grow it.

Ken Dunham
Senior Engineer
VeriSign/iDefense Intelligence Team

Criminalization of Code


Motives behind malicious code attacks have dramatically changed in the past few years. The days of notoriety and 15 minutes of fame are quickly fading in light of attacks launched by criminals. Major geopolitical hotspots include Russia, Brazil, India, and the Eastern European bloc. These hotspots have emerged quickly in the past few years, heavily influenced by organized criminal groups in each region, weak or corrupted law enforcement, and depressed economies fueling illegitimate gain.

VeriSign iDEFENSE will provide participants with a unique look into the criminal incidents and trends that concern the major world governments and the biggest F500 networks in the world. This presentation will overview geopolitical hotspots, how organized criminal groups are now impacting the malicious code world in a big way, recent arrests and their impact, and what lies in store given these recent criminalization-of-code trends.

Mobile threats

Mikko Hypponen
Chief Research Officer
F-Secure Corp

The first real viruses infecting mobile phones were found during late 2004. Since then, dozens of different viruses have been found, most of them targeting phones running the Symbian Series 60 operating system. Mobile phone viruses use new spreading vectors such as multimedia messages and Bluetooth.

This presentation will go through the developments so far and look into the future of mobile viruses.

John Morris and Eric Kedrosky
Anti-Virus Team
Nortel Networks / Information Services


Weapons of Bot Destruction: Conventional and non-conventional tactics to defend a network against an evolving threat

Bots are amongst the biggest security challenges facing corporate and governmental networks. This presentation covers many battle-tested strategies and weaponry for combating the bot armies on your network during an outbreak. It will cover detection strategies, confirming infections, collecting samples, analyzing a bot, threat remediation, and prevention.