Malcon

Logo for the International Malware Conference, MalCon

MALCON is a premier international technology security conference focusing exclusively on proactive malware research and analysis. MalCon is a part of Information Sharing and Analysis Center, in support with the Government of India.

Executed in India by the UK based multinational media company UBM Plc that also owns the infamous Black Hat briefings, MalCon aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker conventions, MALCON is opposed to the much debated ‘zero day’ and ‘full disclosure’. The first MalCon conference took place in December 2010 at Mumbai and Pune, India.

Many of the attendees at MALCON include security professionals, Government employees, lawyers, researchers, journalists and hackers with interest in malwares and its global impact on economy. The event promotes “proactive” research in malware coding and openly invites malcoders to come forward and demonstrate their creation.

History

MalCon was founded in 2010 by Rajshekhar Murthy,[1][2][3] known as thebluegenius,[4][5] is a science graduate and an ex-employee of Microsoft Corporation. Since the inception of MalCon, it has been widely backed by numerous government organizations such as NTRO.[6] Eventually, MalCon became a part of Information Sharing and Analysis Center (ISAC), a non-profit in support with the Government of India in 2011.

Philosophy

The event organizers have issued a FAQ[7] that outlines their philosophy for MalCon, where they explain their objective as “Our Aim is to help the Security Industry as well as Software Industry, understand this fine ‘art’ of Malware Development (Which covers even exploits) so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”

In an interview to kerbsonsecurity,[8] he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and ‘analysis’ of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way".

Rajshekhar Murthy coined new security term “ethical malcoding” to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare"[9] to describe software’s that may have similar attributes of a malware but are used for defensive purposes.

Controversies

MalCon approach of openly inviting "ethical malcoders" gained a lot of International attention[10] and faced criticism[11] from notable security sites[12][13] and bloggers.[14] On its part, MalCon on its FAQ[7] maintains that “It is not about rapid analysis but about detection. Technology or not, MalCon conference or not, there are new malwares out there constantly being created. Even if the available handful of security vendors have their own team of researchers for analysis, this is not enough. Active and open participation by ‘ethical malcoders’ will help advance the research and containment capability of our existing methods”

Event format

The MalCon convention has the following format:

Publications

The Malware Comic

The malware comic was announced by the MalCon team on day of Maha Shivaratri 20 February 2012 [17] - and stated that they planned to release Zero-days using comics.[18] The comic is expected in two formats - a web and a printed version, where the printed version is specifically for the Indian Government officials, Intelligence agencies and Law enforcement groups, who are regular attendees at the conference.[19]

The Malware Journal

The creation of Malware Journal was formally disclosed at MalCon 2011. The quarterly journal is in collaboration with various hacker groups with the objective of helping coders understand the art behind malcoding for offensive defense and security. This journal is also seen as a remarkable and significant point in the history and evolution of hackers and cyber warfare capabilities of India.

Notable events

MalCon 2012

MalCon 2011

MalCon 2010

List Of Venues

Notes

  1. Paul Roberts (August 25, 2010). "New Conference Wants to Bring Malware Writers Out of the Shadows". Kaspersky Lab Security News Service. Retrieved December 26, 2010.
  2. Pulkit Sharma (August 25, 2008). "Terrorists exploit Mumbai net security". Techgoss. Retrieved December 26, 2010.
  3. Vinod Kumar Menon (March 10, 2009). "India's youngest ethical hacker". MiD DAY. Retrieved December 26, 2010.
  4. Rajshekhar Murthy (February 2010). "Files from thebluegenius". Packet Storm. Retrieved December 26, 2010.
  5. "Rajshekhar Murthy's Official Blog". The Blue Genius. Retrieved M D, Y. Check date values in: |access-date= (help)
  6. Sameer and DJ (December 14, 2010). "What went into making of Malcon?". Techgoss. Retrieved December 26, 2010.
  7. 1 2 MalCon. "FAQ". malcon.org. Retrieved December 26, 2010.
  8. Brian Krebs (August 24, 2010). "MalCon: A Call for ‘Ethical Malcoding’". Krebs On Security. Retrieved December 26, 2010.
  9. "GuuWare". malcon.org. December 1, 2010. Retrieved December 26, 2010.
  10. Sameer (August 30, 2010). "Mumbai MalCon gets media". Techgoss. Retrieved December 26, 2010.
  11. Ted Samson (August 30, 2010). "Malware Convention -- Not a Good Idea". PC World. Retrieved December 26, 2010.
  12. Ed Moyle (September 2, 2010). "Introducing the "Malware Conference for Global Evil (and Mass Effect 2)"". SecurityCurve. Retrieved December 26, 2010.
  13. Kurt Wismer (September 1, 2010). "Of logic and malware". anti-virus rants. Retrieved December 26, 2010.
  14. Security News (August 30, 2010). "Bloggers voice concerns about new malware convention". Sunbelt Software. Retrieved December 26, 2010.
  15. "MalCon 2010 Technical Briefings". malcon.org. November 12, 2010. Retrieved December 26, 2010.
  16. "Panel Discussion: Hiring Hackers for National Security". malcon.org. November 12, 2010. Retrieved December 26, 2010.
  17. MalCon Groups (February 20, 2012). "MalCon announces the Comic on Google Groups".
  18. Indiatimes.com (February 21, 2012). "Hackers to Launch Comics about Malware".
  19. THN (February 22, 2012). "Hackers to release 0-days in comics".
  20. computerworld.com (November 13, 2012). "Researcher to present Windows Phone 8 malware at MalCon".
  21. John Leyden (November 13, 2012). "Even a CHILD can make a Trojan to pillage Windows Phone 8".
  22. GMA-News (November 14, 2012). "Teen hacker claims making prototype Windows Phone 8 malware".
  23. Dru Ashe (November 14, 2012). "Teenager Exposes Security Holes in Windows Phone 8 with Trojan App".
  24. Owen Hughes (November 14, 2012). "Teenager causes red-faces at Microsoft with Windows Phone 8 trojan".
  25. Matthew Humphries (November 14, 2012). "16-year-old builds Windows Phone 8 malware prototype".
  26. Paul Roberts (November 13, 2012). "Windows Phone 8 malware? This teen hacker claims to have created a prototype".
  27. Kerry Butters (November 13, 2012). "Windows 8 Malware Proof-Of Concept Code Revealed".
  28. Michael Mimoso (November 13, 2012). "Microsoft Update Includes Critical Security Update for IE 9, First Patches for Windows 8, RT".
  29. SC Magazine (November 14, 2012). "Windows Phone 8 malware developed".
  30. Lucian Constantin (November 18, 2012). "Security team finds malware that hijacks USB smart cards".
  31. John Leyden (November 20, 2012). "Malware made which can share a smartcard over the internet, Use a bank or ID card as though you had it with you".
  32. Brian Donohue (November 20, 2012). "Researchers Remotely Control Smart Cards with Malware PoC".
  33. 1 2 Darren Pauli (November 19, 2012). "Malware can remotely steal smartcard PIN".
  34. Lets Byte Code (November 18, 2012). "VIRUS PROVIDES HACKERS REMOTE CONTROL OF USB-ADAPTER, READ INFORMATION FROM "SMART CARD" OF USERS".
  35. Jeff Goldman (November 20, 2012). "New Malware Targets Smart Cards".
  36. Bogdan Botezatu (November 20, 2012). "Researcher Seizes Control of Smartcard via Proof-of-Concept Malware".
  37. Jane McCallion (November 20, 2012). "Malware prototype exposes smartcard security flaws".
  38. Jane McCallion (November 20, 2012). "Proof-of-concept Malware Enables Remote Accesses To Smart Card Readers".
  39. THN (November 28, 2012). "Hardware based malware steals contacts from all mobile platforms using only the Audio Jack!".
  40. John Leyden (November 23, 2012). "Mystery Chrome 0-day exploit to be unveiled in India on Saturday - I don't want $60k, I want FAME?".
  41. http://securityledger.com (November 21, 2012). "Questions, Doubts greet Researcher’s Claim to have Chrome Zero Day".
  42. Justin Schuh (November 24, 2012). "Justin Schuh dubious of zero-day claim by Ucha".
  43. Fahmida Rashid (November 23, 2012). "Researcher Set to Disclose Chrome Zero-Day".
  44. The Hacker news (October 28, 2011). "Most advanced and dangerous malware for Apple products".
  45. Sean Gallagher, Ars Technica (December 1, 2011). "Security researcher gets root on Windows 8 with bootkit".
  46. TJD, GMAnetwork (October 29, 2011). "Kinect malware secretly takes, uploads photos".
  47. "MalCon: Malware Hacking Conference for Twisted Pen Testers – Ms Smith". November 21, 2011.
  48. J Dey (December 5, 2010). "Ethical hackers asked to learn Chinese to beat red attacks". MiD DAY. Retrieved December 26, 2010.
  49. Kohi10 (December 5, 2010). "Got Mad Hacking Skillz? Speak Chinese?". MadMark's Blog. Retrieved December 26, 2010.
  50. Uli Ries (December 8, 2010). "Hacker plants back door in Symbian firmware". The H Security. Heise Media Group. Retrieved December 26, 2010.
  51. Norman's Security Blog (December 10, 2010). "Updated Firmware Available... Oh yes, forgot to mention this: with a build in back door!". Computer Security Articles. Retrieved December 26, 2010.

External links

This article is issued from Wikipedia - version of the Sunday, May 31, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.