A Conference For Malware Writers

tsu doh nimh writes "There is a security conference being held in Mumbai later this year called MalCon, and the organizers say it's the first ever conference dedicated to the 'malcoder community.' Brian Krebs interviewed one of them and got this gem: 'Just like the concept of "ethical hacking" has helped organizations to see that hackers are not all that bad, it is time to accept that "ethical malcoding" is required to research, identify and mitigate newer malwares in a "proactive" way.' Bruce Schneier is speaking at a sister MalCon event in Pune, India two days later, and he said he doesn't agree with the organizer's premise that more malware is needed to build better security tools."

What could possibly go wrong?

[craftycoder]

What could possibly go wrong?

Re:

[jd]

Microsoft will doubtless send an engineer so that the malware authors can reserve the bandwidth they need for all those coredumps mentioned earlier.

Re:What could possibly go wrong?

[amorsen]

No amount of malware can ever drain as much performance as Norton Antivirus.

Re:

[sco08y]

No amount of malware can ever drain as much performance as Norton Antivirus.

No malware can suck the life, soul or mind out of you like PowerPoint.

Re:

[kenrblan]

MalCon 2011 - Sponsored by Symantec and McAfee

Re:

[bami]

I doubt as sponsors, more as participants.

Re:

[mark72005]

No amount of malware could ever suck as much bandwidth or create as much annoyance as Norton or McAfee, et al. At least malware isn't always demanding updates and upgrades.

Re:

[Sulphur]

Malware does automatic updates and upgrades.

Re:

[mark72005]

And the malware developers don't give you popups and sound effects and nag screens about it. :)

Re:

[DJLuc1d]

Argh! Beat me to it.

Re:

[leromarinvit]

No amount of malware can ever drain as much performance as Norton Antivirus.

That's the point - install Norton Antivirus and malware will instantly stop bothering you!

Re:

[amorsen]

That's clever! Make the computer sufficiently slow that the malware doesn't find it worth bothering.

I hadn't though of that. I guess I'll have to stop complaining about Norton now.

Re:

[flappinbooger]

No amount of malware can ever drain as much performance as Norton Antivirus.

Comment .... Of .... The .... Week ....

Re:

[RockDoctor]

No amount of malware can ever drain as much performance as Norton Antivirus.

Don't say things like that - you'll only encourage them. Both the malware authors and Norton - both aspiring to new depths of reduced performance.

Too late ; you said it. Just shoulder the blame and follow the rest of the scapegoats over the cliff edge.

Re:

[Smauler]

I'm running Windows Vista, installed a few years ago (very soon after Vista was released), no auto updates, disabled security that I could, always turn off defender at boot, running in administator account, no anti-virus. I'm not anal about the sites I visit - however I never run anything from a source I don't trust at least a bit.

No viruses, no slowdown. I've just moved my PC, but prior to that it was at over a month uptime (I know I should probably turn it off when I'm at work, but I'm lazy).

The myth ab

Re:

[ZosX]

I'm running Windows Vista, installed a few years ago (very soon after Vista was released), no auto updates, disabled security that I could, always turn off defender at boot, running in administator account, no anti-virus. I'm not anal about the sites I visit - however I never run anything from a source I don't trust at least a bit.

No viruses, no slowdown. I've just moved my PC, but prior to that it was at over a month uptime (I know I should probably turn it off when I'm at work, but I'm lazy).

The myth about Windows installs necessarily degenerating and being inherently liable to viruses has to get squished soon - it does nothing for Linux. The users who you are trying to switch over will install any old thing whatever OS they are using.

ps. I just bought a new HD to install Linux on on my computer, I'll probably go Slackware since it's what I'm most familiar with. One of the reasons I'm not running Linux yet is because the fakeraid implementation was pretty technical when I got this computer, and I didn't want to jump right in and hose the partition (which is what the Ubuntu installer suggested... fortunately I knew enough about my system partitioning to not allow it to do that).

So you run with no firewall? No UAC? Geez. You might as leave the door wide open and put a light on. Sure the security of Windows isn't the best ever, but I've found that some is certainly better than nothing. I mean do you use flash? You know that there are like a million exploits right there right? And with no anti-virus scanner or anything, how would you even know if you were infected?

Re:

[Smauler]

I run with nothing protecting me... Remote exploits which do not require user interaction are very rare, especially if you don't run Internet Explorer, I generally run open source applications and/or small 3rd party applications.

I've been following the same policy for 10 years or so, and have had _one_ virus infection that got through, when I was running win2k. It screwed up literally about 3 files,and took about an hout to clean.

And with no anti-virus scanner or anything, how would you even know if you w

Re:

[Voulnet]

Do you check your connections periodically to try and make sure your PC isn't calling back to the mother(bot)ship?

Re:

[228e2]

No viruses

How do you know this? Do you also do online banking from this computer?

Re:

[Smauler]

I don't _know_ it. Neither does anyone. Antivirus does nothing against 99% of online bank fraud, which is caused by users being ignorant (I mean that in the true sense).

I don't do any of my banking online at all.

Ohh, can we? can we? can we?

[Anonymous Coward]

Can we nuke the site from orbit?

Re:

[sco08y]

Bambam, this is Grover.

Grover, this is Bambam.

Bambam, this is Grover. Request, orbital strike, thermonuclear payload, TRP Malcon.

Grover, this is Bambam, send nuclear authorization codes.

Bambam, this is Grover, authorization code follows, "kill it with fire."

Shot over.

Shout out.

Splash over.

Splash out.

Bambam, this is Grover, fire for effect.

Car Bomb

[sycodon]

If ever a car bomb was an appropriate response to anything, this is it.

Re:

[ZosX]

Can we nuke the site from orbit?

How is this remotely a troll? This is the best idea I've heard all day!

Re:

[Mitchell314]

You've never read/watched Andromeda Strain, have you?

Re:

[ZosX]

Can't say I have. :)

Re:

[Mitchell314]

Well then, if you take advise from strangers on /., the old Andromeda Strain movie is one that I would recommend. :)

Not the new movie though, I personally didn't care for it much.

Re:

[ZosX]

I'll have to check it out.

All our rotten eggs in one basket...

[Monkeedude1212]

Take off and nuke the site from Orbit. It's the only way to be sure.

Re:All our rotten eggs in one basket...

[MarkRose]

That won't work. Malware is an ecological/economic niche, and someone(s) or something will fill it.

Re:All our rotten eggs in one basket...

[kenrblan]

That won't work. Malware is an ecological/economic niche, and someone(s) or something will fill it.

Perhaps you are right, but nuking from orbit would be a significant deterrent. Besides, this could become an annual event. Having a contractor like Blackwater nuke it annually would open new jobs for malware enthusiasts each year. There would be construction jobs to rebuild the convention site. Just think of the economic impact! Additionally, it could serve as a method of population control. /s

Re:

[Badbone]

Considering the group, I think they have no problem at all with population control.

Re:

[pinkfalcon]

I was thinking of the exact same quote when I read this....

Re:

[mark72005]

Must not be, or he would propose invade&occupy

Bad analogy is bad

[$RANDOMLUSER]

We need to create new, more virulent biological weapons to improve medicine.

Re:

[Tubal-Cain]

Best way to make cars safer is to crash-test them.

Re:

[easterberry]

best way to make cars safer is to hire people to randomly sabotage people's cars

Re:

[mark72005]

best way to make Soviet Russia is to watch YOU!

Re:

[Anonymous Coward]

god damn fucking boo!

give this fucking meme a rest

Re:

[mark72005]

on Slashdot meme memes YOU!

Re:

[DamienRBlack]

Best way to make cars safer is to put more dangerous people on the road.

Re:

[hedwards]

I wish I had mod points left. That's precisely the point, by definition malware is bad, it isn't like ethical hacking which is a dubious practice, malware is uniformly bad. The only instance that I could possibly imagine an exception to that would be law enforcement taps, but even that's questionable.

Re:

[Ohrion]

Wait what? Since when is ethical hacking dubious?! If I had mod points, you would be modded as a troll. Also, there are very good reasons for ethical malware creation. These are the guys who do research for anti-virus and security firms, not released to the wild. Learning how to do it, so code will be available to STOP or prevent it. If Microsoft and other software companies don't have people at this conference, then they are losing a great opportunity to gain knowledge that can be used to prevent this stuf

Re:

[grcumb]

Wait what? Since when is ethical hacking dubious?! If I had mod points, you would be modded as a troll.

Then it's a good thing you don't have points (and possibly the reason why).

If you disagree, rebut the argument with evidence and reason. Modding people down for being wrong (in your opinion) is childish and, most important of all, unpersuasive.

Re:

[Ohrion]

I do have mod points today, however I did not have any left prior to responding the first time. Modding people down for trollish comments is perfectly acceptable. Telling someone that their respectable and difficult job is "dubious" is really trollish. As for reason, I gave reason in my response. Evidence is not called for in this case; reason may suffice. If you do not believe that to be the case, give evidence yourself so I can see what kind you require to satisfy you.

Re:

[treeves]

Remotely, while they are being driven on the interstate.

Re:

[natehoy]

We need to take perfectly good cars and figure out ways to intentionally crash them under test conditions, so manufacturers know what works and what doesn't under controlled conditions and have the opportunity to determine points of failure and how to work around them.

Re:

[beschra]

Now you're just talkin' crazy talk.

Re:

[shadowrat]

We need bad laws to make better lawyers.

Re:

[Garble Snarky]

You know, if consumer technology ever gets to the point that sk1rpt k1dd1es can mess with DNA and create biological weapons from scratch... I'm pretty sure I will want researchers investigating the creation and mitigation of biological weapons.

Re:

[TubeSteak]

We need to create new, more virulent biological weapons to improve medicine.

Actually, the government has active biowarfare labs churning out new and more virulent bugs specifically so they can create new vaccines and targeted drugs.

Every now and then they discover something that is useful outside the field of biochem weapons.

Re:

[hedwards]

That's not correct. They develop the bugs so that they have something to theoretically use on the other side as a hail Mary, they develop the drugs on the off chance that some of us survive and hopefully none of them. What you're proposing is nonsense, they don't decide that "hey we need a new vaccine," it's more like "hey we need the ability to wipe out everybody else."

But yes from time to time there's useful stuff that comes out of it as a pure accident.

Seriously...

[boneclinkz]

I love it when guys like this try and come off as if they provide some sort of legitimate service, and that they have an actual organized "community."

What's next?

Pedocon: Discussing the tools and tactics of the new generation of pedophiles, to enable parents to better protect their children.

This is genius

[Guido del Confuso]

Also, they're having a conference for criminals down at the local police station. Real big conference, trust me. I bet there'll be booth babes.

Re:

[by (1706743)]

I bet there'll be booth babes.

I'd go for the booth babes at the criminal convention over the malware booth babes...bound to be fewer viruses...

after

[Anonymous Coward]

They should give out free promotional USB memory devices! 100pts. for every attendee you get saying 'Let's see what's on this... oh... what an idiot...!' and facepalming/bursting into flames.

It's a trap!

[spidercoz]

hopefully it really is

Re:

[bsDaemon]

You'd think that if anyone were going to know better than to accept an invitation from a dethroned Nigerian prince to join him on a luxury vacation in the exotic east, it would be these guys... :-/

Re:

[xaositects]

to teach better tucking

MalCon

[Hatta]

They should hold it outside, under a bunch of large canopies. Then they'd be sure to have a lot of MalCon tents there.

Re:

[thePowerOfGrayskull]

Clothiers could set up booths from which to hawk malwear.

Participants ante up some money to compete at writing the best (worst?) malware using an interpreted language. The pooled entrance fees would be placed into the Script Kitty for distribution to the winner.

The possibilities are endless.

Re:

[beschra]

Ouch!

Re:

[mjwalshe]

yep makes the predator fireing solution so much simpler:-0

Re:

[aquila.solo]

I was going to make that exact pun. My hat is off to you, sir/madam.

To prevent this post from being a "+1" let me add the following [eckernet.com].

Ethical Malcoding

[guyminuslife]

Ethical Malcoding: From the people who brought you:

Ethical Terrorism
Ethical Oppression
Ethical Genocide
Ethical Cannibalism
Ethical Amorality
...and many, many more!

Maybe they're hoping that by concentrating enough evil in one room, they'll create a black hole of iniquity that will flush these fuckers down a cosmic toilet.

Re:

[ArbitraryDescriptor]

Ethical Amorality

They give up their scruples so we can have more.

Ethical Cannibalism

[JSBiff]

There ain't no party like a Donner Party [wikipedia.org].

Seriously, the situations are incredibly rare, but I can see in true crisis situations, someone eating the flesh of another person to survive until they can get help/other sources of food, without morally transgressing. I could see a parent, seeing their family on the verge of starvation, giving of themselves (quite literally), so their children could survive. I think such situations could very well be ethical.

Re:

[guyminuslife]

Well, sure, and if SkyNet is destroying all humans and you can stop it by infecting it with a nasty virus, then you're a hero. But that's not really what we're talking about.

Re:

[hesaigo999ca]

It could very well be a way for some agencies to track malware writers, or any newcomers wanting to become the next big malware writer...set up a big FAKE malware convention, have people talk for those who listen, send out proof of concept work using code that is traceable, set up perimeter online to spot any of the same code in the wild, track all ip addresses set up for such activity, and voila, you now have a step up on the bad guys...I also tend to overdo it with watching conspiracy movies!

You leave me no choice but to invoke the power of

[Ungrounded Lightning]

... the Toilet of Power [zebragirl.net]!

Yeah, Right

[MarkvW]

Yeah. Like more murders lead to better murder investigations.

Serial Killers

[medv4380]

But isn't what you say true. Serial Killers are better murders, and they result in specialized training and expertise on the side of the police, FBI, Scotland Yard.

Re:

[aquila.solo]

No, just bomb them to hell; don't bring them back.

Organizer has impressive credentials*

[bl8n8r]

• professional security researcher
• authored custom tools for hacking
• member of the prestigious national security database
• discovered vulnerabilities in pizzahut
• presenter at clubhack

* http://malcon.org/2010/workshops/MalConMalwareAnalysis2010.pdf [malcon.org]

Re:

[hedwards]

So, you're saying that he just has a stunning lack of common sense or ethics?

Thanks for the heads up...

[GigG]

Sounds like a great place for the FBI and every other nation's federal law enforcement bodies set up and find out who the a-holes are.

This is like having a conference for nuke makers

[mysidia]

Under the guise of "helping citizens to develop better detection and understanding of Weapons of Mass Destruction"

Surely weapons of mass destruction do less damage, if they're better understood, and more people know about what techniques are need to make them and how to get around pitfalls and difficulties in constructing WMDs, right?

Nigerian Email Conference

[mattack2]

If you like this conference, maybe you'll like the Nigerian Email Conference: http://j-walk.com/other/conf/ [j-walk.com]

Meeting in Mumbai, huh?

[unitron]

If only they'd scheduled it 2 years sooner.

Where are terrorists when you need them?

[Alex Belits]

Seriously, that's one place where killing of attendees is a perfectly valid reaction of a sane person.

More car accidents to understand drunk driving

[Fryth]

This is insane. Smart people already understand how malware works. This reminds me of Calvin's dad in Calvin and Hobbes saying "____ builds character" no matter what the thing is. Sometimes things are a negative and they're already fully understood that way. That's the way it is.

Bruce Schneier is right here; there is no need for a conference of malware developers.