
Windows 7: 2010 CARO workshop (Computer Anti-virus Research Organisation)

28 May 2010   #1


CARO Workshop 2010 - Day One
Greetings from picturesque Helsinki where the 2010 CARO workshop (Computer Anti-virus Research Organisation) is being held. This year the focus is on the scale of the malware problem, a problem all anti-virus vendors have no choice but to deal with.

The keynote speaker was veteran anti-virus expert Dr Alan Solomon (famous, of course, for Dr Solomon’s Anti-Virus Toolkit before his company was ultimately acquired in the late 1990s by McAfee). A couple of the guys who work at Sophos used to work for Alan back then, including SophosLabs director Mark Harris and Graham Cluley (Graham wrote about some of his experiences working for Alan over on his blog).

CARO workshop is attended predominantly by anti-virus vendors (with ponytails it seems, only Alan Solomon was wearing a Santa Claus hat) and others involved in the computer security world so it is only fitting that the presentations today have revolved around practical issues such as sample sharing and other volume-related topics.

So there have been several graphs showing exponential sample growth and data explaining that anti-virus will be dead by 2012. Yikes! It sounds like it’s game over.
Well, not quite. Fortunately Roel Schouwenberg from Kaspersky Labs had the sensible hat on. Focusing on detecting executables, although they are by far the most common threat we see, is not the only (or best) way to protect users. The executable is normally the last link in the chain but there are normally multiple other opportunities to block the threat.

For example, if you block your users from going to a dodgy domain, you don’t need to worry about any malicious executables hosted there. This is something we’ve been doing for a while at Sophos.

Source - CARO Workshop 2010 - Day One | SophosLabs blog

CARO Workshop 2010 - Day Two
Today’s talks were much more upbeat. Instead of dwelling on the asymptotic apocalypse we’re all apparently hurtling towards, speakers presented case studies of some of the most interesting recent malware and practical methods for conducting analysis, classification and even testing.

Cristian Craioveanu of Microsoft kicked off the day with analysis of the Aurora exploit attacks, supposedly launched from China and targeted at Google and several other high-profile companies. We blogged about this at the time and mentioned that Sophos’ BOPs technology would effectively prevent the exploit from causing any damage to our customers. Cristian laid out the complete timeline of the exploit and presented prevalence data for the exploit which clearly showed that use of the exploit exploded after it was leaked to the public and subsequently made available on Metasploit.

That talk was followed up by another case study, this time by Peter Kruse and Dennis Rand of CSIS. They talked about a banking Trojan that they believed had stolen at least 2 million kroner from Danish banking customers and had also been used to attack banks in the US, Ireland, Greece and Holland. They gave the checksum of a sample in their talk and we can confirm that Sophos detects this family of banking Trojans as Troj/Alvabr-Gen.

Source - CARO Workshop 2010 - Day Two | SophosLabs blog
