[Infowarrior] - Cyberthreat experts to meet at secretive conference

Mon Jan 22 10:01:44 EST 2007

Cyberthreat experts to meet at secretive conference

By Joris Evers
http://news.com.com/Cyberthreat+experts+to+meet+at+secretive+conference/2100
-7348_3-6151860.html

Story last modified Mon Jan 22 04:40:48 PST 2007

Internet security experts are gathering at a secretive conference later this
week to strategize in their fight against cybercriminals.

The meeting on Thursday and Friday at Microsoft's Redmond, Wash.
headquarters is slated to bring together representatives from security
companies and government and law enforcement officials, as well as others
involved in network security. The agenda focuses on botnets and related
topics, seen by experts as a prime threat to the Internet.

"Unlike most other security conferences, we allow only members of the
different relevant groups access, and we discuss organized crime and threats
across bordersŠwith a strong lean toward how we can make things better,"
said Gadi Evron, an evangelist at security firm Beyond Security and
organizer of the event.

Botnets are networks of hijacked computers, popularly called zombies.
Cybcercrooks use these networks to relay spam, bring down Web sites,
distribute spyware and perform other nefarious acts. Microsoft has fingered
zombies as a top threat to Windows PCs.

In the battle between cybercrooks and those protecting the Internet, the bad
guys are often at least one step ahead. Authorities are cracking down and
have had successes in catching, prosecuting and convicting phishers and bot
herders in recent years. But criminals are organizing better and moving to
more sophisticated tactics, including the use of peer-to-peer technologies
in their bot software. The gathering this week is the good guys' effort to
team up.

"These events have been a great way to build trust in the security
community, which can lead to collaboration and data sharing. This helps in
the overall efforts to combat the cybercriminals," said Dave Jevans,
chairman of the Anti-Phishing Working Group, who is slated to speak at the
event later this week.

The two-day meeting is held behind closed doors. "For reasons of
practicality as well as to help members feel safe to share and work in our
environment, some privacy is required," Evron said. "Not everything can be
common knowledge if we are to be successful in combating these threats."

It is not unusual for such meetings to be confidential. After all, it
doesn't make much sense to let the criminals in on the efforts being made to
catch them. Also, this isn't a new thing for Microsoft--the company
regularly holds meetings at its campus that require a nondisclosure
agreement.

Scheduled presentations at this week's event include two talks by Microsoft
on security vulnerabilities that have no patch, known as zero-day flaws, and
the software maker's response to those. There has been a significant rise in
the use of zero-day bugs in cyberattacks. Criminals often exploit security
holes to add PCs to their botnets.

"Microsoft will be presenting our analysis of trends and patterns in its
security response process," a company representative said. "Additionally, we
will be reviewing vulnerability exploitation trends, with a specific focus
on the usage of zero-day vulnerabilities, to attack customers."

Microsoft also said it is "proud to sponsor the workshop, which provides an
opportunity for the security operations community to discuss security
trends, share information and plan for the future."

Torjan horses, phishing and spam--oh my
Aside from various talks specifically on botnets, other presentations dive
into Trojan horses, new styles of denial-of-service attacks, spam, phishing
and weaknesses in protection technologies such as sandboxes and virtual
keyboards on banking sites, according to the event agenda.

Douglas Otis of Trend Micro plans to give a talk on how e-mail
authentication technology called Sender ID could be abused to launch
denial-of-service attacks, he said. Sender ID is a specification pushed
heavily by Microsoft for verifying the authenticity of e-mail by ensuring
the validity of the server from which it came.

Jevans of the Anti-Phishing Working Group plans to present a multiyear
overview of phishing statistics and discuss new trends in the data-thieving
scams, he said. These new trends include use of subdomains, more
man-in-the-middle style attacks and changing attack patterns to also focus
on smaller banks and payment services, he said.

Alex Shipp, a senior antivirus technologist at e-mail security company
MessageLabs, is scheduled to deliver a talk on Trojan horses targeted at a
small number of companies or even individual. It is an update to a
presentation he gave at the Virus Bulletin conference last year. These
targeted Trojan horse attacks are considered dangerous because they could
evade traditional protection mechanisms trained to look for known attacks or
mass attacks.

But Shipp also hopes to leave with answers to a number of questions.
Ultimately, the event should better arm attendees in the fight against
cyberattacks, he said

"What are the bad guys doing now and how can we stop them? Can we do better
than we are currently or do we need a seismic shift in the way we do things
now to solve the problems? What kind of co-operative efforts can we put in
place that would benefit us all?" are some of those questions, Shipp said.

Among those scheduled to attend are representatives from security firms such
as Symantec, Trend Micro and Websense, as well as people from AOL, Cisco
Systems, Microsoft, Sun Microsystems and Qwest. Government and law
enforcement expected to attend include the Federal Bureau of Investigation,
Secret Service and United States Computer Emergency Readiness Team, or
US-CERT. Various universities are also expected to send representatives.

"Cooperation at all levels, technical, legal, government, is needed to
contain the problem," said Righard Zwienenberg, chief research officer at
Norman Data Defense Systems, who is slated to speak on sandboxes at the
event Thursday. "Without worldwide laws and cooperation, we might lose the
battle in the end."