Source Barcelona: State Of Malware: Explosion of the Axis of Evil

On Tuesday, September 22nd Ero Carrera and I will be giving a talk at Source Barcelona entitled State Of Malware: Explosion of the Axis of Evil. I am very excited to give this talk for a number of reasons. First, I've only heard amazing things about the Source conference. Second, well it's Barcelona. Finally, this talk is one of a kind. I promise you this type of talk has never been given before.

The talk is made up of two completely different perspectives in the battle against malware. Ero is the CRO at Virus Total (also a researcher with Zynamics). Virus Total processes tens of thousands of pieces of malware a day. Virus Total's perspective is very unique; few if any companies process the amount of malware Virus Total processes. Ero will give you statistics on what Virus Total is seeing, such as the trends in packing, how many samples it processes and information about families it is tracking. This will be the first time these statistics will be made public.

I will be speaking from MANDIANT's perspective. Our perspective differs from Virus Total in that we only deal with very high value targets and very specific custom written malware. It is no secret that MANDIANT is on the forefront of fighting the Advanced Persistent Threat (APT). Daily we are collecting and analyzing malware that has never seen the light of day. We have never given out details about the individual pieces of malware we've collected, and furthermore we've never given out statistics on how our overall collection of APT malware behaves. In this talk, you will receive all kinds of good information, such as what percentage of APT outbound communication is encrypted vs. plain text, or what percentage of APT is actually persistent on the host vs. run once. Some of the statistics I'll be releasing may be very surprising, but also very enlightening.

Our talk will conclude with Ero and I doing our best Ollie the Weatherman interpretation of where we think malware will evolve over the next year or two, and what we can do about it. I'm excited to give this talk because it's a step away from what Ero and I usually present, and the content is so unique. If you're unable to attend the conference look for the slides on our website. Hope to see you there! If you want to meet up for a beer, e-mail me