Sophos malware experts to speak at 2nd International CARO Workshop

April 29, 2008 Sophos Press Release

Paul Ducklin
Paul Ducklin, Head of Technology for Asia Pacific will be giving the keynote address at the CARO event.

Sophos, a world leader in IT security and control, announced that Paul Ducklin, Head of Technology for Asia Pacific, has been selected to give the keynote address at the 2nd International CARO Workshop. CARO, the Computer Anti-Virus Researchers' Organization, is meeting on 1-2 May in The Netherlands to discuss the technical issues surrounding malware packers, decryptors and obfuscators.

"These days, packing and obfuscation tools, even those commonly and unashamedly associated with malware, are frequently used by apparently-legitimate software vendors. Programming techniques which greatly benefit malicious code are thoughtlessly copied by legitimate users, even though any number of alternatives might be available," said Paul Ducklin, head of technology asia pacific at Sophos. "Security professionals alone cannot fix this. The industry as a whole needs to go through a continuous, iterative process of identifying programming practices which can be considered lost to cybercrime; describing safer replacement techniques; and vigorously insisting that coders, vendors, suppliers, ISPs and the like make the switch from bad to good."

Ducklin is considered one of the world's leading virus experts and has presented at various industry events including: Virus Bulletin, ICSA and AVAR conferences. He has also written many articles on the virus threat and is a respected industry commentator.

Separately, on Friday 2 May at 15:45, SophosLabs malware expert Boris Lau will be presenting his paper "Dealing with virtualization packers".

"Virtualization packers translate the original code of a malware sample into their own unique set of instructions which is then interpreted by the embedded virtual machine. Unpacking samples protected by a virtualization packer is very expensive in terms of both analysis effort and the efficiency of unpacking," explained Lau. "My paper explores a new technique to deobfuscate virtualization packers to achieve semi-automated analysis of samples."

For more information on the 2nd International CARO Workshop, please visit: www.datasecurity-event.com