Publications

Below you will find a list of published papers and articles I have written.

2009
The full paper presented at the 2009 Virus Bulletin Conference, entitled: 'Virtual Machines for Real Malware Capture and Analysis', is available in PDF (Adobe Acrobat) format.
This paper shows how useful virtual machines are to security professionals, using VMware as a working platform. It discusses how VMware can be used not only to analyse what new malware does, but also how to set up virtual machines and networks to capture malware in the first place. It also discusses a selection of known anti-VM malware [including Conficker] and the ways they detect that they are running in a virtual machine.
2008
The full paper presented at the 2008 Virus Bulletin Conference, entitled: 'Malware Forensics: Detecting the Unknown', is available in PDF (Adobe Acrobat) format.
This paper covers how to deal with a system or network which may be infected by new or currently unknown malware.
It looks at the tricks, tools and techniques you can use to help establish the true state of the 'suspect' system, focusing on a step-by-step approach: which tools to use, what to look for and what to do with any suspicious files. It also discusses the use of forensic tools in such a scenario, as a last port of call. The paper draws on real scenarios where new [undetected] malware has been responsible for 'odd' system or network behaviour. This is an updated version of the EICAR 2008 paper.
The full paper written for the 2008 EICAR Conference, entitled:
'Where To Now: Detecting The Unknown?' is available in PDF (Adobe Acrobat) format.
This paper covers how to deal with a system or network which may be infected by new or currently unknown malware.
It looks at the tricks, tools and techniques you can use to help establish the true state of the 'suspect' system, focusing on a step-by-step approach: which tools to use, what to look for and what to do with any suspicious files. It also discusses the use of forensic tools in such a scenario, as a last port of call. The paper draws on real scenarios where new [undetected] malware has been responsible for 'odd' system or network behaviour.
2007: The Year of the Social Engineer? - Virus Bulletin, January 2008
2007
Book Review: Birds of a Feather... - Virus Bulletin, November 2007
The full paper written for the 2007 Virus Bulletin Conference, entitled:
'The Journey, So Far: Trends, Graphs and Statistics' is available in PDF (Adobe Acrobat) format.
This covers malware right from the initial ideas of 'self-reproducing machines' at the end of the 1940s, up to the end of July 2007, by which time malware [and its use] had become a commercial business. The paper includes a large amount of data, including malware firsts, trends and statistics. It looks not only at the birth and development of malware over the years, but also at the birth and development of anti-malware tools and techniques.
2006
The full paper written for the 2006 Virus Bulletin Conference, entitled:
'Rootkits - Risks, Issues and Prevention' is available in PDF (Adobe Acrobat) format.
This covers what rootkits are and, more importantly, what they are not, together with the risks and other issues they bring to corporations, academia and home users alike. The paper also suggests a number of ways to address these risks and issues, ranging from simple methodologies through to technological solutions and tools.
The full paper written for the 2006 EICAR Conference, entitled:
'Spyware: Risks, Issues and Prevention' is available in PDF (Adobe Acrobat) format.
This covers what spyware is and the risks and other issues it brings to corporations, academia and home users alike. The paper also suggests a number of ways to address these risks and issues, ranging from simple methodologies through to technological solutions and tools.
2005
The full paper written for the 2005 Virus Bulletin Conference, entitled:
'Bots and Botnets - Risks, Issues and Prevention' is available in PDF (Adobe Acrobat) format.
This covers how bots and botnets work, and the risks and other issues they bring to corporations, academia and home users alike. The paper also suggests a number of ways to address these risks and issues, ranging from simple methodologies through to technological solutions and tools.
The full paper written for the 2005 EICAR Conference, entitled:
'Anti-Malware Tools: Intrusion Detection Systems' is available in PDF (Adobe Acrobat) format.
This covers how Snort can be used to detect malware (viruses, worms, trojans) as well as the more usual network threats that an IDS is normally used to detect.
2004
The full paper written for the 2004 Virus Bulletin Conference, entitled:
'Canning More Than SPAM With Bayesian Filtering' is available in PDF (Adobe Acrobat) format.
This covers how Bayesian filtering can be used to detect not just spam but also scams and malware (viruses, worms, trojans).
The full paper written for the 2004 Open University - Combating Vandalism in Cyberspace Conference, entitled:
'Mind Wars: Attack of the Memes' is available in PDF (Adobe Acrobat) format.
This covers the impact of Hoaxes, Scams, Chain E-Mail, Urban Legends, etc. on companies and suggests ways to help control or eliminate the effects they have on network/e-mail resources and staff productivity. This is an updated version of my VB2001 paper.
2003
The full paper written for the 2003 Virus Bulletin Conference, entitled:
'Worm Charming: Taking SMB Lure to the Next Level' is available in PDF (Adobe Acrobat) format.
This covers the use of SMB Lure and how to improve its effectiveness, both for the benefit of corporate and other institutions and for anti-virus and other security companies.
2002
The full paper written for the 2002 Virus Bulletin Conference, entitled:
'When Worlds Collide' is available in PDF (Adobe Acrobat) format.
The first part of this paper investigates the differences in the way security issues are approached in the two camps (Security and Anti-Virus).
The second part looks at the new 'blended' or 'automated hacking' worms (such as CodeRed, Nimda, Goner and Gokar) and other malware which were starting to appear, and argues that tackling these new, complex threats will require closer co-operation (or strategic partnerships) between the two camps.
2001
The full paper written for the 2001 Virus Bulletin Conference, entitled:
'Hoaxes and Other Electronic Ephemera' is available in PDF (Adobe Acrobat) format.
This covers the impact of Hoaxes, Scams, Chain E-Mail, Urban Legends, etc. on companies and suggests ways to help control or eliminate the effects they have on network/e-mail resources and staff productivity.
2000
1999
The full paper written for the Compsec '99 International Conference, entitled:
'Implementing Anti-Virus (Anti-Malware) Controls in the Corporate Arena' is available in PDF (Adobe Acrobat) format.
This paper offers guidance for setting an anti-malware policy for your company, covers a number of emerging threats and suggests strategies to help combat them.
The full paper written for the 1999 Virus Bulletin Conference, entitled:
'Viruses & Lotus Notes - Have Virus Writers Finally Met Their Match?' is available in PDF (Adobe Acrobat) format.
This covers Lotus Notes and Domino and how to use the in-built security to help minimise malware attacks.
1997
The full paper written for the 1997 Virus Bulletin Conference, entitled:
'FAT32 - a new problem for anti-virus or viruses?' is available in PDF (Adobe Acrobat) format.
This covers the impact of FAT32 (part of Windows 95B/98) on computer viruses and anti-virus software.
1996
The full paper written for the 1996 Virus Bulletin Conference, entitled:
'Anti-virus in the Corporate Arena' is available in PDF (Adobe Acrobat) format.
This paper covers how anti-virus software works, and offers guidance for setting an anti-virus policy for your company.
All papers and articles offered here are copyrighted by Martin Overton.
All Virus Bulletin articles and papers are also copyrighted by Virus Bulletin (except the VB2003, VB2004, VB2005, VB2006, VB2007 and VB2008 papers which are copyrighted by IBM, the VB2002 Paper is copyrighted by both IBM and Virus Bulletin).
All Virus Bulletin articles offered here were kindly supplied by Virus Bulletin and are used with their permission.