Ethical malcoders get their own conference
You have heard of Black Hat, Defcon, RSA Conference and Info Security, but does the name MalCon ring a bell?
Probably not, since the newly started conference on malware is yet to be held for the first time and it’s only in the call-for-papers phase of its existence. But, the main theme is likely to raise a few eyebrows in the security community, for many may feel as Bruce Schneier does: “The bad guys produce more than enough malware to stimulate research.”
But this opinion will not prevent him to make an appearance as leading speaker in Mumbai and Pune (India) on December 3rd and 5th, respectively, when the conference is scheduled to be hosted.
Likewise intrigued by the notion, Brian Krebs contacted Rajshekhar Murthy, MalCon’s coordinator, to find out more about the event.
He found out that the conference organizers are indeed trying to attract as many “ethical malware authors” as possible. The goal of the conference is to “encourage and foster the creation of malcode”, and to promote the cooperation between these malware creators and the security companies.
“Just like the concept of “ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that “ethical malcoding’ is required to research, identify and mitigate newer malwares in a “proactive’ way,” says Murthy.
The official website lists a number of categories for submitted papers to fall into:
- Hacking tools – any rogue tools, phishing kits, code that aids any malware or malicious activity
- Malware – rootkits, Trojans, viruses, keyloggers, mobile malware, etc.
- Malware creation tools
- Web based malware – Web-shells, browser runtime malwares (Javascript, Flash)
- Malware infection and propagation – infection techniques, target enumeration techniques, cross-platform infection, etc.
- Malware self-defense mechanism – AV detection and exploitation techniques, anti-reversing and anti-debugging techniques, secure malware communication, etc.
A number of workshops will also be held during the conference, and any malware that will be presented on the conference and that takes advantage of a 0-day exploit will be shared with the affected vendors prior to any public release.