VB2013 speaker spotlight

Posted by   Virus Bulletin on   Jul 12, 2013

We speak to James Wyke about his research interests and what he aims to bring to VB2013.

The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting programme that covers many of today's most pertinent security-related topics.

In the build-up to the event we are running a series of blogs in which we introduce the speakers and find out a bit more about their research interests and what they aim to bring to the conference.

Today, we speak to James Wyke who will speak at VB2013 about some of the less well documented aspects of the ZeroAccess botnet.

Tell us a little bit about yourself - your job and your responsibilities.

James Wyke "I am a Senior Threat Researcher with Sophos in the UK. Generally speaking I spend my day carrying out in-depth analysis, identifying new and emerging threats, and coming up with novel and effective approaches to protection."

Can you give us a brief outline of what you will be speaking about at VB2013?

James Wyke "I will be delivering a presentation on the ZeroAccess botnet. I explore some of the less well documented aspects of the botnet and to what ends it is being employed. Areas that will be covered include: hiding command and control information in legitimate-seeming network traffic, using decoy URLs to blacklist researchers' IP addresses, and using bogus domain names to mislead analysis. I will also assess how much revenue ZeroAccess could be generating from BitCoin mining and click fraud."

Why is your presentation particularly relevant to the security community?

James Wyke "ZeroAccess is a huge botnet that has survived and thrived for a considerable amount of time. It is important to understand the mechanisms by which this has been achieved and to what purposes such an entity is put so that we can combat it now and attempt to prevent similar creations from reoccurring in the future."

What can delegates learn from your presentation?

James Wyke "Hopefully delegates will learn a few things they didn't know about one of the largest botnets in existence. "

What other presentations are you looking forward to?

James Wyke "'Behavioural detection of HTTP-based botnets' sounds particularly interesting, as does 'Using statistical analysis of DNS traffic to identify infections of unknown malware'."

What are you looking forward to about your trip to VB2013?

James Wyke "I have been to Berlin before, but didn't get to see much of it last time - it would be great to visit the zoo. Catching up with a few ex-colleagues will be fun, as will meeting new people - and drinking interesting beers in the bar is always enjoyable!"

James Wyke will present 'Back channels and bitcoins: ZeroAccess' secret C&C communications' at 12:00 on Wednesday 2 October.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Read more about why you should attend VB2013 - and download our letter templates as a guide for justifying to your budget holder why you should attend VB2013.

VB2013 takes place 2-4 October 2013 in Berlin, Germany - online registration is now open - we'd love to see you there!

Posted on 12 July 2013 by Helen Martin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.