SysSec Workshop

Tuesday, February 15. 2011
admin
It has been quite some time since I last blogged; in the past few months I have mainly used my Twitter account to publish news. Today I want to blog again, since the information about the SysSec Network of Excellence will not fit into a single tweet. SysSec is a Network of Excellence in the field of Systems Security, which has been created to build on the successful experience of the FORWARD initiative and to work towards:
  1. creating a virtual center of excellence, to consolidate the Systems Security research community in Europe
  2. promoting cybersecurity education
  3. engaging a think-tank in discovering the threats and vulnerabilities of the Current and Future Internet,
  4. creating an active research roadmap in the area, and
  5. developing a joint working plan to conduct State-of-the-Art collaborative research.
As part of its dissemination activities, the SysSec Network of Excellence proposes to organize a workshop focused on system security research, as the first step towards creating a virtual center of excellence to consolidate the Systems Security research community in Europe. The 1st SysSec Workshop targets researchers from Europe and the rest of the world, with the short-term goal of creating a vigorous forum to map the systems security research area, with particular focus on European security communities. While this workshop invites submissions from all systems security research groups in the world, it particularly encourages research groups from Europe to take advantage of this opportunity. The long-term goal of this first of a series of periodic workshops is to build a reference meeting place for the systems security community in Europe.

The Last Line of Defense - http://tllod.com

Thursday, July 1. 2010
admin research
I am excited to announce that the website of our start-up company LastLine, Inc., is now live at http://www.tllod.com. The team behind LastLine is composed of people you know from the International Secure Systems Lab (http://iseclab.org); we come from the University of California, Santa Barbara, the Vienna University of Technology (Austria), Eurecom (France), and Ruhr-University Bochum (Germany). We all have extensive expertise in malware analysis and malware countermeasures (see our list of publications), and you might know tools like Anubis or Wepawet that have been developed by us.

LastLine, Inc., provides protection technology that is complementary to existing anti-virus software and firewalls. Our approach is based on cyber crime intelligence that we gather by analyzing millions of suspicious URLs and binaries each day. More precisely, using our advanced malware analysis tools, we pinpoint the exploit servers behind drive-by exploit campaigns and the command and control servers that manage botnets. These servers constitute the malicious infrastructure that cyber criminals use to carry out their attacks.

One of the first products we offer is llweb, a tool that analyzes web sites for the presence of malicious code, such as drive-by download exploits. llweb was developed by the creators of Wepawet, and you can find out more about the tool at http://tllod.com/products/llweb. We also offer several other tools and services: llmon is a service that helps organizations determine whether their hosts are used to deliver or control malware. We continuously monitor whether a customer's assets participate in malicious activities and, if so, provide detailed early warnings so that proper mitigation steps can be initiated. llmon was developed by some of the creators of FIRE. Furthermore, we provide access to the list of IP addresses, domains, and URLs that we identify as associated with malicious activity on the Internet. Customers can obtain continuously updated intelligence, which can be leveraged internally to identify compromised hosts or to configure network access control mechanisms. You can find out more about our products at http://tllod.com/what.
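To illustrate how an indicator feed of the kind described above (malicious IPs, domains and URLs) is typically consumed on the customer side, here is an added example that is not LastLine's code and does not use any LastLine API: it parses a constructed feed, matches it against constructed proxy log lines to flag internal hosts that contacted listed infrastructure, and flattens the feed into a host block list for an access-control rule. The feed format, the log format and all indicator values are assumptions made up for the example.

```python
"""Correlating a threat-intelligence feed with outbound proxy logs.

Illustrative code, not LastLine's: the feed format ("<type>,<indicator>"),
the proxy log format and every indicator and log line are constructed.
"""
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed feed (placeholder indicators, not real IoCs).
FEED = """\
ip,198.51.100.23
domain,evil-cnc.example
domain,bad-exploitkit.example
url,http://landing.example/kit/index.php
"""

# Constructed proxy log: "<time> <client-ip> <method> <url> <status>".
PROXY_LOG = """\
2010-07-01T10:00:01Z 10.0.0.5 GET http://www.example.org/index.html 200
2010-07-01T10:00:03Z 10.0.0.7 GET http://landing.example/kit/index.php 200
2010-07-01T10:00:05Z 10.0.0.9 POST http://update.evil-cnc.example/gate.php 200
2010-07-01T10:00:09Z 10.0.0.5 GET http://198.51.100.23/bin/update.exe 200
2010-07-01T10:00:12Z 10.0.0.11 GET http://EVIL-CNC.EXAMPLE/ 404
"""


@dataclass
class Indicators:
    ips: set = field(default_factory=set)
    domains: set = field(default_factory=set)
    urls: set = field(default_factory=set)


def parse_feed(text):
    """Parse the feed into normalized indicator sets; unknown types are ignored."""
    ind = Indicators()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, value = line.partition(",")
        value = value.strip()
        if kind == "ip":
            ind.ips.add(str(ipaddress.ip_address(value)))  # canonical textual form
        elif kind == "domain":
            ind.domains.add(value.lower().rstrip("."))
        elif kind == "url":
            ind.urls.add(value)
    return ind


def domain_matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_url(url, ind):
    """Return which indicator type ('url', 'ip', 'domain') matches the URL, or None."""
    if url in ind.urls:
        return "url"
    host = urlsplit(url).hostname or ""  # hostname is already lower-cased
    try:
        ipaddress.ip_address(host)
        return "ip" if host in ind.ips else None
    except ValueError:
        pass  # not an IP literal, fall through to the domain check
    return "domain" if domain_matches(host, ind.domains) else None


def find_compromised_hosts(log_text, ind):
    """Map internal client IP -> list of (indicator type, URL) hits, in log order."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than crash on them
        _ts, client, _method, url, _status = parts[:5]
        kind = classify_url(url, ind)
        if kind:
            hits.setdefault(client, []).append((kind, url))
    return hits


def block_list(ind):
    """Flatten the feed into a sorted set of hosts/IPs for a deny rule."""
    hosts = set(ind.ips) | set(ind.domains)
    for u in ind.urls:
        h = urlsplit(u).hostname
        if h:
            hosts.add(h)
    return sorted(hosts)


if __name__ == "__main__":
    feed = parse_feed(FEED)
    for client, matches in find_compromised_hosts(PROXY_LOG, feed).items():
        print(client, matches)
    print("deny:", block_list(feed))
```

Matching is deliberately asymmetric: an exact URL hit is the strongest signal, a domain hit also covers subdomains (so a C&C on a throwaway subdomain is still caught), and an IP literal in the URL is compared against the IP list. A host that shows up once against a 404 is a lead to investigate, not proof of compromise, so the output keeps the matched URL and status-bearing log line available rather than only a boolean.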

Call for Papers: EC2ND'10

Thursday, June 24. 2010
admin research
The sixth European Conference on Computer Network Defense (EC2ND) will be held at the Faculty of Electrical Engineering and Computer Science at Berlin Institute of Technology (TU Berlin) on October 28-29, 2010. The conference brings together researchers from academia and industry within Europe and beyond to present and discuss current topics in applied network and systems security. EC2ND 2010 invites submissions presenting novel ideas in the areas of network defense, intrusion detection and systems security.

EC2ND 2010 specifically encourages submissions presenting work at an early stage with the intention to act as a discussion forum for innovative security research. While our goal is to solicit ideas that are not completely worked out, and might have challenging and interesting open questions, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results.

Important dates:
  • Paper submission deadline: July 2, 2010
  • Paper acceptance or rejection: August 6, 2010
  • Final paper camera ready copy: August 13, 2010
  • Conference dates: October 28-29, 2010

The full Call for Papers is available at http://2010.ec2nd.org/cfp/

Chaosradio Express #155

Thursday, June 10. 2010
admin
Recently I recorded a longer podcast together with Tim Pritlove on malware and botnets. It was published a few days ago as Chaosradio Express #155. The podcast is in German and lasts for about 2.5 hours. The podcast is available at http://chaosradio.ccc.de/cre155.html and you can also get it via iTunes.

Here is the German description, translated:
Over the past 10 years, malware has evolved from a research field into a global threat to the international data infrastructure. Botnets represent the regrettable pinnacle of these criminal activities, and it takes a great deal of effort to track these systems down and shut them down again. Despite a continual game of cat and mouse, security researchers repeatedly succeed in taking large botnets off the network. In conversation with Tim Pritlove, Thorsten Holz explains the history and technical background of malware and botnets.

Topics: how malware has evolved over time from an experiment into a tool for criminals; which security vulnerabilities are exploited; what methods operating systems have to defend themselves against malware; the layer-8 problem; the anti-virus industry; what Microsoft has done for its security; botnets and spam and other forms of monetization; how botnets protect themselves against investigation; how a botnet is investigated, tricked and shut down; tracking down botnets with honeypots; botnets in government agencies and embassies; communication and collaboration among security groups; technical and moral problems when shutting down a botnet; cooperation with ISPs; fighting botnets vs. censorship infrastructure; botnets and the Mac; concepts for secure operating systems; security usability; automated malware analysis.

USENIX LEET'10 & RAID 2010

Thursday, April 15. 2010
admin
A quick announcement:

Join us at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, which will take place in San Jose, CA, on April 27, 2010. LEET '10 will provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on.

The program includes:
-- Keynote Address: "Why Don't I (Still) Trust Anything?" by Jeff Moss, Founder, Black Hat and DEF CON

-- Invited Talk: "Naked Avatars and Other Cautionary Tales About MMORPG Password Stealers," by Jeff Williams, Microsoft Malware Protection Center

-- Sessions on threat measurement and characterization, botnets, threat detection and mitigation, and more.

Check out the full program at
http://www.usenix.org/events/leet10/tech/

Connect with the broad community of researchers and practitioners who focus on worms, bots, spam, spyware, phishing, DDoS, and the ever-increasing palette of large-scale Internet-based threats, fostering the development of preliminary work in this diverse area and stimulating discussion of thought-provoking ideas.

Find out more and register today at
http://www.usenix.org/leet10/proga

And please note that the deadline for RAID 2010 has been extended to April 21, 2010. See the Call for Participation for more details. Looking forward to your papers!
