ABSTRACT for AVAR2000
November 28, 2000
IT security policy of MITI, Japan (Keynote speech)
In this keynote speech the following topic
will be introduced and discussed:
- IT security policy development for the
Government of Japan as a whole
- IT security evaluation and certification
- Evaluation of cryptographic technologies
- Technological solutions for IT security
management
- Education and recruitment of IT security
personnel
- Computer anti-virus activity in Japan etc.
Yoshitaka Toui
Director
Office of IT Security Policy
Ministry of International Trade and Industry
Japan
Computer Virus Situation and Anti-virus Activities
in Korea
April 26th 1999, Korea lost 1.8 million dollars
and thirty thousand personal computers were
damaged by CIH computer virus. In May of
1999, the Korean government formed a special
Anti-virus team inside at the KISA and running
with 4 Anti-virus companies, 4 Data-backup
& Recovery companies, and 6 Internet
service providers very closely. This anti-virus
team is mainly focused on the duty of forecast
and test the new viruses.
In Korea, in quantity wise, domestic computer
viruses were increased rapidly since '96
compared with imported computer viruses.
Department of investigation and prosecution
& police department enforced the law
and arrested huge number of korean computer
virus criminals in 1997 and 1998. Due to
the lawful movement, number of domestic computer
viruses were dropped since last year. Now,
there are more numbers of imported computer
viruses exist and working in Korea. From
Dec 30th 1999 through Jan. 4th 2000 which
was the turning point of new millenium, the
Korean government formed a special Y2K team
inside of KISA to fight against Y2K computer
virus and hacking. Korea didn't have any
problems due to this special Y2K team with
fast forecasting and warning the 5 different
types of computer viruses like Fix2001, NewApt,
MyPics and so forth.
Recently, as the big internet shopping mall
and important sites in the United States
were attacked by hackers, the Korean government
established the Hacking and computer Virus
Consulting & Assistance Center(HVCAC)
inside at the KISA and operates 24 hours
to protect personal privacy & information
resource from the people in Korea. Due to
the activities of this organization, CIH
damages were only 100,000 dollars which was
only 5.6% compared with the last year and
17,000 personal computers which were 56%
of the last year so, the damage could minimized.
Also, in case of the "LoveLetter"
internet worm which was notorious for fast
spreading and damaged PCs all over the world
on May 4th could damage only 88 cases in
Korea, due to the fast and wide spread warning
and forecast of the virus through the mess
media and it was due to the date to, May
5th was holiday in Korea.
Near future, we will focus on developing
detection and removal technologies of the
Linux virus, Trojan horse and developing
the immunity system against next generation
new malicious computer viruses with the cooperations
of universities and korean anti-virus companies.
Jaesung, Kim
Researcher
KISA (Korea Information Security Agency)
Korea
EICAR: European Institute for Computer Anti
Virus Research
This presentation will introduce EICAR and
its function. The following will be addressed:
- History of EICAR
- EICAR charter and code of conduct
- Goals and Objectives
- EICAR task Forces
- EICAR Conferences
Rainer Fahs
Chairman of the Board
EICAR
Belgium
Testing for Broken Anti-Virus Software
The effective use of anti-virus software
requires diligence in testing, configuration,
and observation. There are many circumstances
that can cause anti-virus software to fail
to detect a virus. The reasons for detection
failure include user error, software malfunction,
software conflicts, poor interface design,
and combinations of these factors and others.
This presentation will demonstrate examples
where detection has been compromised and
tests that can be performed to reveal the
existence potential detection problems.
Randy Abrams
Release Technical Specialist
Microsoft Corporation
USA
November 29, 2000
Computer Virus Incident Reports in Japan
IPA receives reports about infections and
damage caused by computer virus since April
1990. This presentation will explain about
how this reporting system works, and also
show the current status and trend of virus
incidents in Japan by comparing the statistics
of the year 1999 the first half year of 2000.
Toshiaki Kokado
Manager
Office of Computer Virus Countermeasures
IT Security Center
IPA (Information-technology Promotion Agency)
Japan
Picture This: A Graphical Representation
of Viral Concentration
Each month, WildList Organization International
(WLO) gathers more information about computer
virus incidents that occur "In the Wild".
The information arrives in the form of electronic
report forms. This information is straightforward
enough, however there are a few esoteric
pieces that have remained mostly unused -
specifically virus frequency and virus incident
location.
Necessary during collation of The WildList,
virus frequency and incident location information
do not convey easily in published form. Nonetheless,
it is of great value. If viewed in a certain
light, it can, for example, tell us which
computer virus is the most prevalent - at
that moment or over a period of time. Locational
data may suggest where the virus is most
prevalent, if there exists a hot zone (an
area of unusually high virus activity (either
virus- writing or incidents) or even virus
spread patterns.
In this article, the data gathered by WLO
about live computer virus incidents - reported
frequencies and incident locations - are
used to paint a graphical picture of the
computer virus threat. While the frequency
and location data are "hard", interpretation
of it is not. While reading this paper or
looking at its graphs, the reader should
keep in mind the information presented is
only one interpretation. A completely different
interpretation of the same data could just
as easily be made and indeed, recommended!
Shane Coursen
Board Member
WildList Organization International
USA
Rapid Virus Exchange
The efficiency of current anti-virus warfare
depends on the speed with which anti-virus
manufacturers obtain virus samples, the speed
with which the cure is found and the speed
with which the cure can be distributed to
the users of anti-virus software. The need
for cooperation amongst the anti-virus manufacturers
has never been greater than today, as no
manufacturer can be guaranteed to get all
the samples of all viruses.
Once an anti-virus manufacturer gets a sample,
they need to distribute it to other anti-virus
manufacturers quickly and securely. REVS
(Rapid Exchange of Virus Samples) is a system
which has been set up to do exactly that,
using secure digital signatures and public
key encryption.
The presentation will describe the functioning
of REVS and show how it contributed to the
expedient curing of the Love Bug incident.
Jan Hruska
Technical Director
Sophos Anti-Virus
England
Virus Landscape in Singapore
This presentation will describe major virus
incidents in Singapore and the extent of
impact they had. Various anti-virus initiatives
in Singapore will also be introduced.
Goh Seow Hiong
Deputy Director, Infocomm Security
Infocomm Development Authority of Singapore
Singapore
The Virus and AntiVirus Industry in Asia
For many years, High Tech as associated with
Asia has always referred only to Japan and
Taiwan. And less than five years ago, there
was something called, the Asian Crisis. But,
China, Korea, India, and many others in the
region are coming on strong. This includes
the spread of the usage of computers, and
thus a greater need for anti-virus. This
also includes an increase of virus writers
and viruses coming from the region. This
presentation will be an insight into Asian
developments as compared to elsewhere in
the world and a look into what AVAR must
do to respond to this new challenge.
Jimmy Kuo
McAfee Fellow
USA
Fencing the Defense
This paper will describe the battle system
managers have to do to secure their systems.
Not only do they have to battle the virus-threats,
but they also have to battle the differences
between the different anti-virus products.
Especially where more than one product does
not give the same result, this leads to confusion.
Righard J. Zwiennenberg
Senior Virus Research Engineer
Norman Data Defense Systems
Netherlands
Future viruses on PDAs and mobile phones
Future viruses will target mobile and hand-held
devices more and more. We've seen the first
examples of traditional viruses with payloads
relating to mobile phones. In the future
we can expect the virus writers to target
both traditional PDAs and smart phones with
trojan horses, mass mailers and real viruses.
How exactly do we expect this threat to develop
and what can we do about it?
Mikko Hermanni Hypponen
Manager, Anti-Virus Research
F-Secure Corporation
Finland