
BYOD: (B)rought (Y)our (O)wn (D)estruction?

By Righard Zwienenberg
Presented at the Virus Bulletin 2012 conference in September, this paper considers the pros and cons of the BYOD trend, potential attack vectors, and advice on countermeasures. First published in Virus Bulletin 2012 Conference Proceedings*

Download

  

Dorkbot: Hunting Zombies in Latin America

By Pablo Ramos
Presented at the Virus Bulletin 2012 conference in September, this paper introduces the main capabilities and features of Win32/Dorkbot and considers why and how Win32/Dorkbot’s activity in Latin America differs from the rest of the world. First published in Virus Bulletin 2012 Conference Proceedings*

Download

  

Festi botnet analysis and investigation

By Aleksandr Matrosov and Eugene Rodionov
A comprehensive analysis of the evolution of the Festi botnet, its features, its networking protocol, and the ways in which it tries to protect itself from detection. As presented at the AVAR 2012 conference in Hangzhou.

Download

  

Defeating anti-forensics in contemporary complex threats

By Eugene Rodionov and Aleksandr Matrosov
Technical and in-depth analysis of the implementation of hidden encrypted storage, as used by complex threats currently in the wild including TDL4, Carberp and ZeroAccess. First published in Virus Bulletin 2012 Conference Proceedings*

Download

  

FUD and Blunder: Tracking PC Support Scams

By David Harley, Martijn Grooten, Craig Johnston and Steven Burn
Presented at the Cybercrime Forensics Education & Training Conference in September 2012, this paper looks at the support scam problem from a forensic point of view.

Download

  

My PC has 32,539 errors: how telephone support scams really work

By David Harley, Martijn Grooten, Steven Burn and Craig Johnston
Presented at the Virus Bulletin 2012 conference in September, this is a comprehensive consideration of the ongoing evolution of the PC telephone support scam. First published in Virus Bulletin 2012 Conference Proceedings*

Download

  

PIN Holes: Passcode Selection Strategies

By David Harley
Presented at the EICAR 2012 conference in May, this paper considers common strategies for selecting four-digit passcodes, and the implications for end-user security. Originally published in the EICAR 2012 Conference Proceedings.

View more

  

After AMTSO: a funny thing happened on the way to the forum

By David Harley
Presented at the EICAR 2012 conference in May, this paper looks at how the Anti-Malware Testing Standards Organization might yet retain enough credibility to achieve its original aims. Originally published in the EICAR 2012 Conference Proceedings.

View more

  

Man, Myth, Malware and Multi-Scanning

By David Harley & Julio Canto
The use and misuse of public multi-scanner web pages that check suspicious files for possible malicious content, and why they're no substitute for comparative testing.
Presented at the 5th Cybercrime Forensics Education & Training (CFET 2011) Conference in September 2011

Download

  

Same Botnet, Same Guys, New Code

By Pierre-Marc Bureau
A paper describing the functionality and P2P protocol of Win32/Kelihos, its evolution and its points of similarity to Win32/Nuwar (Storm) and Win32/Waledac.
First published in Virus Bulletin 2011 Conference Proceedings*

Download

  

Fake But Free and Worth Every Cent

By Robert Lipovsky, Daniel Novomesky and Juraj Malcho
Two years on from "Is there a lawyer in the lab", greyware and Possibly Unwanted Applications offer serious challenges for security vendors.
First published in Virus Bulletin 2011 Conference Proceedings*

Download

  

Daze of Whine and Neuroses

By David Harley and Larry Bridwell
The Anti-Malware Testing Standards Organization (AMTSO) has shaken up the AV testing world and attracted much controversy. But has it outlived its usefulness? And what is the future of detection testing?
First published in Virus Bulletin 2011 Conference Proceedings*

Download

  

Security Software & Rogue Economics: New Technology or New Marketing?

By David Harley
Presented at the 2011 EICAR conference in May 2011, this paper contrasts existing malicious and legitimate technology and marketing, considering ways in which integration of security packages might mitigate the current wave of fake applications and services.

Download

  

The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet

By Joan Calvet, Carlton R. Davis, José M. Fernandez, Jean-Yves Marion, Pier-Luc St-Onge, Wadie Guizani, Pierre-Marc Bureau, and Anil Somayaji
This paper, presented at the Annual Computer Security Applications Conference (2010), and to which ESET's Pierre-Marc Bureau was a contributor, discusses alternative approaches to understanding botnet mechanisms, using "in the lab" experiments involving at-scale emulated botnets.

Download

  

Test Files and Product Evaluation: the Case for and against Malware Simulation

By David Harley, Lysa Myers and Eddy Willems
This paper, presented at the 2010 AVAR conference, summarizes the kind of problems that arise when simulated malware is used inappropriately in detection testing, with particular emphasis on the history and correct use of the EICAR test file.

Download

  

Large-Scale Malware Experiments: Why, How, And So What?

By Joan Calvet, Jose M. Fernandez, Pierre-Marc Bureau, and Jean-Yves Marion
How and why a group of researchers replicated a botnet for experimental purposes, and what use they made of the results.
First published in Virus Bulletin 2010 Conference Proceedings*

Download

  

AV Testing Exposed

By Peter Kosinár, Juraj Malcho, Richard Marko, and David Harley
Considers the good, the bad, and the ugly in comparative testing, and explores how to lie (or even inadvertently mislead) with detection statistics.
First published in Virus Bulletin 2010 Conference Proceedings*

Download

  

Call of the WildList: Last Orders for WildCore-Based Testing?

By David Harley and Andrew Lee
Does WildList testing still have a place in testing and certification when dynamic and whole product testing methodologies are now preferred in most testing contexts?
First published in Virus Bulletin 2010 Conference Proceedings*

Download

  

SODDImy and the Trojan Defence

By David Harley
This paper looks at the implications in the age of the botnet of the "Some Other Dude Did It" and "it must have been a Trojan" defences against conviction for possession of illegal material, especially pornography.
Presented at the 4th Cybercrime Forensics Education & Training (CFET 2010) Conference in September 2010.

Download

  

Antivirus Testing and AMTSO: Has Anything Changed?

By David Harley
A summary of how the Anti-Malware Testing Standards Organization has developed in the past few years and the way in which the AV and testing industries have responded to those developments.
Presented at the 4th Cybercrime Forensics Education & Training (CFET 2010) Conference in September 2010.

Download

  

Real Performance?

By Ján Vrabec and David Harley
This paper objectively evaluates the most common performance testing models (as opposed to detection testing) used in anti-malware testing, highlighting potential pitfalls and presenting recommendations on how to test objectively and how to spot a potential bias.
First presented at EICAR 2010 and published in the Conference Proceedings.

Download

  

Perception, Security, and Worms in the Apple

By David Harley, Pierre-Marc Bureau and Andrew Lee
Apple's customer-base has rejoined the rest of the user community on the firing line. This paper will compare the view from Apple and the community as a whole with the view from the anti-virus labs of the actual threat landscape.
First presented at EICAR 2010 and published in the Conference Proceedings.

Download

  

Macs and Macros: the State of the Macintosh Nation

By David Harley
This 1997 paper reviews the shared history of viruses and the Mac, summarizes the 1997 threatscape, and considers possibilities and strategies for the future. It's been made available for historical interest because so many people asked about it at EICAR 2010.
First published in Virus Bulletin 1997 Conference Proceedings.*

Download

  

Please Police Me

By Craig Johnston and David Harley
This paper looks at the ethical, political and practical issues around the use of "policeware", when law enforcement and other legitimate agencies use "cybersurveillance" techniques based on software that resembles some forms of malware in its modus operandi.
First presented at AVAR 2009 in Kyoto, and published in the Conference Proceedings.

Download

  

Malware, Marketing and Education: Soundbites or Sound Practice?

By David Harley and Randy Abrams
This paper considers the practical, strategic and ethical issues that arise when the security industry augments its marketing role by taking civic responsibility for the education of the community as a whole.
First presented at AVAR 2009 in Kyoto, and published in the Conference Proceedings.

Download

  

Malice Through the Looking Glass: Behaviour Analysis for the Next Decade

By Jeff Debrosse and David Harley
This paper considers steps towards a holistic approach to behaviour analysis, using both social and computer science to examine the behaviours by both criminals and victims that underpin malware dissemination.
First published in Virus Bulletin 2009 Conference Proceedings.*

Download

  

Whatever Happened to the Unlikely Lads? A Hoaxing Metamorphosis

By David Harley and Randy Abrams
This paper traces the evolution of email-borne chain letters, from crude virus hoaxes to guilt-tripping semi-hoaxes, and examines both their (generally underestimated) impact on enterprises and individuals, and possible mitigations.
First published in Virus Bulletin 2009 Conference Proceedings.*

Download

  

Is there a lawyer in the lab?

By Juraj Malcho
This paper by the Head of ESET's Virus Laboratory explores the complex legal problems generated by applications that can't be called out-and-out malware, but are nevertheless potentially unsafe or unwanted.
First published in Virus Bulletin 2009 Conference Proceedings.*

Download

  

The Game of the Name: Malware Naming, Shape Shifters and Sympathetic Magic

By David Harley
This paper follows up on "A Dose By Any Other Name", explaining why sample glut and proactive detection have sounded the death knell of the "one detection per variant" model.
Presented at the 3rd Cybercrime Forensics Education & Training (CFET 2009) Conference in September 2009.

Download

  

Execution Context in Anti-Malware Testing

By David Harley
This paper explains why comparative test results based on static testing may seriously underestimate and misrepresent the detection capability of some products using proactive, behavioural techniques such as active heuristics and emulation.
First published in EICAR 2009 Conference Proceedings.

Download

  

Understanding and Teaching Bots and Botnets

By Randy Abrams
Second in a series illustrating innovative ways of teaching the concepts behind a major security issue, the paper illustrates how botmasters capture computers and "recruit" them into virtual networks to use them for criminal purposes.
First published in Virus Bulletin 2008 Conference Proceedings.*

Download

  

People Patching: Is User Education Of Any Use At All?

By Randy Abrams and David Harley
Presents the arguments for and against education as an antimalware tool, and how to add end users as an extra layer of protection in a defense-in-depth strategy.
AVAR Conference 2008

Download

  

Who Will Test The Testers?

By David Harley and Andrew Lee
Making anti-malware testers and certifying authorities accountable for the quality of their testing methods and the accuracy of the conclusions they draw, based on that testing.
First published in 2008 Virus Bulletin Conference Proceedings.*

Download

  

A Dose By Any Other Name

By David Harley and Pierre-Marc Bureau
Tries to answer questions like: why is there so much confusion about naming malware? Is "Do you detect virus X?" the wrong question in today's threat landscape?
First published in Virus Bulletin 2008 Conference Proceedings.*

Download

  

Understanding and Teaching Heuristics

By Randy Abrams
Understanding and teaching the basic concepts behind heuristic analysis and how it is used in the anti-malware industry.
AVAR Conference 2007

Download

  

Teach Your Children Well - ICT Security and the Younger Generation

By David Harley with Eddy Willems, and Judith Harley
Research based on surveys in Belgium and the UK on teenage understanding of internet security issues.
First published in 2005 Virus Bulletin Conference Proceedings.*

Download

  

Testing, testing: Anti-Malware Evaluation for the Enterprise

By David Harley and Andrew Lee
Looks at appropriate and inappropriate ways of testing anti-malware products.
AVAR Conference 2007

Download

  

Phish Phodder: Is User Education Helping or Hindering?

By David Harley and Andrew Lee
Evaluates research on susceptibility to phishing attacks, and looks at web-based educational resources such as phishing quizzes. Do phished institutions and security vendors promote a culture of dependence that discourages computer users from helping themselves?
First published in 2007 Virus Bulletin Conference Proceedings.*

Download

  

From Fun to Profit

By Andrew Lee and Pierre-Marc Bureau
Presents an overview of the evolution of malicious software, focusing on the objectives of this type of program to provide evidence for their predictions as to how it will evolve in the years to come.
Infosec Paris 2007

Download

  

Microsoft anti-virus — extortion, expedience or the extinction of the AV industry?

By Randy Abrams
Looks at the changes in the corporate culture at Microsoft and the company's re-entry into the anti-malware market. Will it reduce diversity of choice, and will it leave users in any better shape than MSAV did in the 1990s?
First published in Virus Bulletin Conference 2006 proceedings.*

Download

 


*Copyright is held by Virus Bulletin Ltd, but is made available on this site for personal use free of charge by permission of Virus Bulletin.