AVAR

---- The 17th EICAR Annual Conference May 4-6, 2008 Laval, France ----

Arriving in Laval, France, via the high-speed TVR rail service, I was met by a beautiful spring day.

Figure 1 View from Rue de la Paix looking south along the Chemin de Halage Sud

The location for the 17th EICAR Annual Conference could not have been better to foster the exchange of ideas, research and insight on malware trends and how to protect and defend against the insidious threat it poses.

The conference would be held at the conference center 'Les Onidines'. On Sunday evening EICAR held its annual members' meeting. As an observer to this meeting I can note the discussion was lively and filled with debate. Reports on the improved health of EICAR were a welcome sign pointing to an increased involvement in our industry. The directors stressed two key directions that EICAR would focus on for the next year. The first is the technical and legal aspects of the industry. With laws in some countries making it illegal to own some of the tools that are key to the research and development of anti-malware detection and solutions, EICAR has legal expertise within its membership to address the issue. More on this would be highlighted in the opening keynote presentation. The second key direction is to focus on the state of testing. The directors expressed concern that current initiatives being developed by the newly formed Anti-Malcode Testing and Standards Organization (AMTSO) are not based on any scientific research or methods. EICAR will be addressing testing by calling for white papers on testing and standards. The call for papers would happen in the very near future, allowing EICAR to evaluate the research and start initiatives on standards based on the research.

Figure 2 L-R: Eric Filiol - Conference Chair, Rainer Fahs - Chairman, Eddy Willems - Director Information and Press

Following other official business issues, EICAR announced that the 18th EICAR Annual Conference would be held, tentatively, May 11 and 12, 2009 in Germany. The conference committee has narrowed the location to either Berlin or Dresden.

The events of Sunday evening concluded with a Welcome Party held outside on the terrace of Les Onidines. Hors d'oeuvres and French champagne accompanied the making of new friends in the industry and the re-establishing of contacts.

Monday, May 5, 2008

Opening - Welcoming all attendees to the conference, EICAR Chairman Rainer Fahs outlined the theme for the 2 days as well as highlighting the nature of presentations. He also noted the diverse backgrounds from industry, government, military and academia in attendance as well as the geographic range attendees came from. This addressed pre-conference concerns on the location being difficult to get to. To this observer, Laval was an ideal location for a conference. The mayor of Laval, France was introduced and spoke briefly on how pleased the people of Laval were to be the host city for this conference.

Keynote Presentation - "Prosecution and law enforcement in the context of IT security solutions development - a European outlook" by Professor Dr. Nikolaus Forgo, University of Hanover and University of Vienna. Prof. Forgo highlighted the difficulties in distinguishing valid and legal possession and use of development and forensic tools versus illegal use or misuse of the same tools.

Prior to one of the exquisite meals of local French cuisine, Dennis Jlussi & Christian Hawellek, University of Hanover, discussed "The Cybercrime Convention and a Comparative View on its Transposition".

The conference continued with two simultaneous tracks. The agenda is available on the EICAR site. Of note was a presentation by Francois Paget, "Welcome to virtual worlds". In his talk, Francois explained the parallel economy that has developed between the real world and the virtual world, the adaptation by criminals to participate in the parallel economy, and tragic and sad criminal acts within the virtual worlds, concluding with programming techniques used to create scripts and exploits in Second Life.

It was difficult to choose between the two presentation tracks as many of the presentations I would have liked to view were given simultaneously. For example, "Detecting Virtual Rootkits with Cover Channels" by Cedric Lauradoux and "Simulating Malware with MalSim" by Rafal Leszczyna, Igor Nai Fovino & Marcelo Masera. I chose Simulating Malware. The presentation was on the initial research of this project, but stimulated many questions regarding the creation of simulated malware effects and if that is any different than actually creating malcode, which is a practice not accepted by the industry.

All sessions were very well attended. The conference provided coffee breaks allowing more discussion of presentations as well as the opportunity to network with the attendees. Monday night's gala dinner was held in the MUSEE D'ART NAIF or "Old Castle", accompanied by traditional folk music.

Figure 3 MUSEE D'ART NAIF

Figure 4 Traditional Folk Music Band

As with all good dinners in France, excellent wines complemented the entrée. The highlight of the meal was the tempting dessert.

Figure 5 Ready to enjoy dessert.

Tuesday, May 6, 2008

The featured presenter opening Day 2 was Boris Sharov, CEO, Dr. Web, on the topic of "Win32.Ntldrbot or Rustock.C: myth and reality". This excellent presentation outlined the history of the Rustock family and introduced evidence on the long-rumored Rustock.C variant. Rustock.C is a sophisticated polymorphic rootkit with self-protection that makes its extraction and analysis extremely difficult.

Figure 6 Boris Sharov, CEO, Dr. Web

The remainder of the day followed the same two tracks of well-attended presentations. From the not so technical "How to Win at Whitelisting" by Mario Vuskan, to "Keeping Up With The Botnet" offered by Andrei Gherman, to the highly technical student paper "Detection of Metamorphic and Virtualization-based Malware using Algebraic Specification" by Matt Webster and Grant Malcolm from the University of Liverpool, UK, information reached every level of attendee.

In the closing moments, Rainer Fahs asked for participation in the call for white papers on testing. Testing will be the theme for the next year. Everyone is invited to the 18th Annual EICAR Conference.

Submitted by Andy Hayter, Anti-Malcode Program Manager, ICSA Labs on behalf of AVAR