The Virus Bulletin 2010 conference

This is my first blog posting as part of the Commtouch team so it is probably a good idea to introduce myself. My name is Robert Sandilands, I have been involved in the antivirus industry from 1995 and I came to Commtouch through their recently completed acquisition of the antivirus assets of Authentium. I have been with Authentium since 2003. I am currently Director: Antivirus for Commtouch.

The “Stuxnet” Virus Bulletin 2010 conference was held in the beautiful city of Vancouver from 29 September 2010 to 1 October 2010. As usual the conference was well organized and everything went smoothly. The most notable event was the Stuxnet frenzy and it overshadowed the conference a little bit.

The presentations on Stuxnet by the 3 antivirus companies involved were technically excellent and politically exquisite. Unfortunately that did not help much. People have stories they want to tell and they will misquote the best prepared statements and papers to tell their version of the story.

The messages I took away from the conference were:

1. It is quite impressive how the industry can co-operate when needed to protect their customers.
2. Many people have predisposed opinions and will misquote facts and statistics to confirm their opinions instead of using them as presented.
3. The days of kids writing malware for the fun of it is long gone. These days it is a field for professional criminals out to make money and/or other nefarious purposes. They are well funded and organized.
4. I am so glad I am not one of the people that worked on the analysis of Stuxnet. I don’t know what the worst part of it was: The media frenzy or the thought that some very well organized and funded group of people with no moral values may not like you that much anymore.
5. Researching malware is hard. Given the complexity of malware the best you can get is a glimpse of what is really happening except if you spent an insane amount of time on it. That only improves the quality of the glimpse, especially if it is like Stuxnet that was written to attack a very specific and totally unknown target.
6. Statistics can be misleading, but people love to hear them anyway. People were able to produce seemingly contradictory statistics about Stuxnet. To add to the confusion I can quote some more statistics that you may find useful, or meaningless: To date in 2010 we have received at least 1,062 unique files that could be related to Stuxnet.