Malcon

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Logo for the International Malware Conference, MalCon

MALCON is a premier international technology security conference focusing exclusively on proactive malware research and analysis. MalCon is a part of Information Sharing and Analysis Center, in support with the Government of India.

Executed in India by the UK based multinational media company UBM Plc that also owns the infamous Black Hat briefings, MalCon aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker conventions, MALCON is opposed to the much debated ‘zero day’ and ‘full disclosure’. The first MalCon conference took place in December 2010 at Mumbai and Pune, India.

Many of the attendees at MALCON include security professionals, Government employees, lawyers, researchers, journalists and hackers with interest in malwares and its global impact on economy. The event promotes “proactive” research in malware coding and openly invites malcoders to come forward and demonstrate their creation.

History[edit]

MalCon was founded in 2010 by Rajshekhar Murthy,[1][2][3] known as thebluegenius,[4][5] is a science graduate and an ex-employee of Microsoft Corporation. Since the inception of MalCon, it has been widely backed by numerous government organizations such as NTRO.[6] Eventually, MalCon became a part of Information Sharing and Analysis Center (ISAC), a non-profit in support with the Government of India in 2011.

Philosophy[edit]

The event organizers have issued a FAQ[7] that outlines their philosophy for MalCon, where they explain their objective as “Our Aim is to help the Security Industry as well as Software Industry, understand this fine ‘art’ of Malware Development (Which covers even exploits) so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”

In an interview to kerbsonsecurity,[8] he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and ‘analysis’ of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way".

Rajshekhar Murthy coined new security term “ethical malcoding” to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare"[9] to describe software’s that may have similar attributes of a malware but are used for defensive purposes.

Controversies[edit]

MalCon approach of openly inviting "ethical malcoders" gained a lot of International attention[10] and faced criticism[11] from notable security sites[12][13] and bloggers.[14] On its part, MalCon on its FAQ[7] maintains that “It is not about rapid analysis but about detection. Technology or not, MalCon conference or not, there are new malwares out there constantly being created. Even if the available handful of security vendors have their own team of researchers for analysis, this is not enough. Active and open participation by ‘ethical malcoders’ will help advance the research and containment capability of our existing methods”

Event format[edit]

The MalCon convention has the following format:

  • Technical briefings: The main content of the submitted CFP, the 2010 MalCon revolved around "Malware creation in under two minutes" theme.[15]
  • Workshops: Technical workshops related to Malwares.
  • The Big Talk (panel discussion): A subject for debate by experts, the Big talk in MalCon 2010 focused on 'Hiring hackers for National security', where both hackers and representatives of the Indian Government participated.[16]
  • Capture the Mal: Announced for MalCon 2011, 'Capture the Mal' is proposed to be a variant of the popular Capture the Flag contest, where security professionals will try to capture and analyze an unknown malware in a limited time.

Publications[edit]

The Malware Comic[edit]

The malware comic was announced by the MalCon team on day of Maha Shivaratri 20 February 2012 [17] - and stated that they planned to release Zero-days using comics.[18] The comic is expected in two formats - a web and a printed version, where the printed version is specifically for the Indian Government officials, Intelligence agencies and Law enforcement groups, who are regular attendees at the conference.[19]

The Malware Journal[edit]

The creation of Malware Journal was formally disclosed at MalCon 2011. The quarterly journal is in collaboration with various hacker groups with the objective of helping coders understand the art behind malcoding for offensive defense and security. This journal is also seen as a remarkable and significant point in the history and evolution of hackers and cyber warfare capabilities of India.

Notable events[edit]

MalCon 2012[edit]

  • Windows Phone 8 Malware Prototye - Indian Hacker Shantanu Gawde presented possibly the world's first Windows phone 8 malware prototype amid many discussions at the conference with live demonstrations. The application apparently passed Windows Marketplace requirements and could upload contacts and pictures of the users without permission.[20][21][22][23][24][25][26][27][28][29]
  • Paul Rascagnères, founder of Malware.lu presents a malware on Windows 7 that hijacks USB smartcards and provides the attacker complete access to the PINs and device as if physically present. Demonstrated live at the event, the malware not only affects the identity card from Belgium but also millions of USB smart cards used in India by company directors to file returns and sign documents.[30][31][32][33][33][34][35][36][37][38]
  • Universal Mobile malware based on Hardware steals contact via Audio Jack - Presented by the Indian hacker Atul Alex, the research abuses voice dialing feature which is enabled by default on all mobile platforms - and combines a bugged headset with a micro controller and code to steal private data. The bugged headset can also dial a pre-defined number by detecting if the device is in use or not and turn the phone into a spy device. Further, it can steal contacts from all devices - Blackberry, iPhone, Symbian, Windows and Android, without putting a malware inside the mobile phone.[39]
  • Google Chrome zero day - Georgian hacker Ucha Gobejishvili claims to have a 0-day exploit for Chrome, but does not provide further details or refuses to release it to Google. Eventually he did not make it to the conference due VISA issues. Dubbed as project Calypso, the zero day is still a mystery, with a video posted on Google Chrome 0 day by UCHA - YouTube [40][41][42][43][44]

MalCon 2011[edit]

  • Sophisticated Malware for Apple iOS released - Indian Hacker Atul Alex, unveils most advanced malware for Apple iOS, impacting iPods, iPads, iPhones.[45]
  • Windows 8 Bootkit "Stoned Lite" is released by Peter Kleissner [46]
  • Xbox Kinect Malware - The world's first malware utilizing Xbox Kinect is demonstrated by Shantanu Gawde [47]
  • Twisted Penetration Testing - The Malcon team creates a new term and methodology "Twisted Penetration testing". As cited by the website, Twisted penetration testing is "A fresh and twisted approach towards penetration testing from MalCon, it can help get results the unconventional way in regular network and system audits, vulnerability assessment and penetration testing." Attended in full capacity by experts, the approach promotes use of real controlled malware in networks to test its effectiveness and security in event of an attack [48]

MalCon 2010[edit]

  • Indian government officials reportedly asked Indian hackers to learn Chinese to beat the red attacks.[49][50]
  • Indian hacker, and MalCon's Technical Director, Atul Alex released an updated and modified firmware for the Symbian OS with a backdoor.[51][52]

List Of Venues[edit]

Notes[edit]

  1. ^ Paul Roberts (August 25, 2010). "New Conference Wants to Bring Malware Writers Out of the Shadows". Kaspersky Lab Security News Service. Retrieved December 26, 2010. 
  2. ^ Pulkit Sharma (August 25, 2008). "Terrorists exploit Mumbai net security". Techgoss. Retrieved December 26, 2010. 
  3. ^ Vinod Kumar Menon (March 10, 2009). "India's youngest ethical hacker". MiD DAY. Retrieved December 26, 2010. 
  4. ^ Rajshekhar Murthy (February 2010). "Files from thebluegenius". Packet Storm. Retrieved December 26, 2010. 
  5. ^ "Rajshekhar Murthy's Official Blog". The Blue Genius. Retrieved M D, Y. 
  6. ^ Sameer and DJ (December 14, 2010). "What went into making of Malcon?". Techgoss. Retrieved December 26, 2010. 
  7. ^ a b MalCon. "FAQ". malcon.org. Retrieved December 26, 2010. 
  8. ^ Brian Krebs (August 24, 2010). "MalCon: A Call for ‘Ethical Malcoding’". Krebs On Security. Retrieved December 26, 2010. 
  9. ^ "GuuWare". malcon.org. December 1, 2010. Retrieved December 26, 2010. 
  10. ^ Sameer (August 30, 2010). "Mumbai MalCon gets media". Techgoss. Retrieved December 26, 2010. 
  11. ^ Ted Samson (August 30, 2010). "Malware Convention -- Not a Good Idea". PC World. Retrieved December 26, 2010. 
  12. ^ Ed Moyle (September 2, 2010). "Introducing the "Malware Conference for Global Evil (and Mass Effect 2)"". SecurityCurve. Retrieved December 26, 2010. 
  13. ^ Kurt Wismer (September 1, 2010). "Of logic and malware". anti-virus rants. Retrieved December 26, 2010. 
  14. ^ Security News (August 30, 2010). "Bloggers voice concerns about new malware convention". Sunbelt Software. Retrieved December 26, 2010. 
  15. ^ "MalCon 2010 Technical Briefings". malcon.org. November 12, 2010. Retrieved December 26, 2010. 
  16. ^ "Panel Discussion: Hiring Hackers for National Security". malcon.org. November 12, 2010. Retrieved December 26, 2010. 
  17. ^ MalCon Groups (February 20, 2012). "MalCon announces the Comic on Google Groups". 
  18. ^ Indiatimes.com (February 21, 2012). "Hackers to Launch Comics about Malware". 
  19. ^ THN (February 22, 2012). "Hackers to release 0-days in comics". 
  20. ^ computerworld.com (November 13, 2012). "Researcher to present Windows Phone 8 malware at MalCon". 
  21. ^ John Leyden (November 13, 2012). "Even a CHILD can make a Trojan to pillage Windows Phone 8". 
  22. ^ GMA-News (November 14, 2012). "Teen hacker claims making prototype Windows Phone 8 malware". 
  23. ^ Dru Ashe (November 14, 2012). "Teenager Exposes Security Holes in Windows Phone 8 with Trojan App". 
  24. ^ Owen Hughes (November 14, 2012). "Teenager causes red-faces at Microsoft with Windows Phone 8 trojan". 
  25. ^ Matthew Humphries (November 14, 2012). "16-year-old builds Windows Phone 8 malware prototype". 
  26. ^ Paul Roberts (November 13, 2012). "Windows Phone 8 malware? This teen hacker claims to have created a prototype". 
  27. ^ Kerry Butters (November 13, 2012). "Windows 8 Malware Proof-Of Concept Code Revealed". 
  28. ^ Michael Mimoso (November 13, 2012). "Microsoft Update Includes Critical Security Update for IE 9, First Patches for Windows 8, RT". 
  29. ^ SC Magazine (November 14, 2012). "Windows Phone 8 malware developed". 
  30. ^ Lucian Constantin (November 18, 2012). "Security team finds malware that hijacks USB smart cards". 
  31. ^ John Leyden (November 20, 2012). "Malware made which can share a smartcard over the internet, Use a bank or ID card as though you had it with you". 
  32. ^ Brian Donohue (November 20, 2012). "Researchers Remotely Control Smart Cards with Malware PoC". 
  33. ^ a b Darren Pauli (November 19, 2012). "Malware can remotely steal smartcard PIN". 
  34. ^ Lets Byte Code (November 18, 2012). "VIRUS PROVIDES HACKERS REMOTE CONTROL OF USB-ADAPTER, READ INFORMATION FROM "SMART CARD" OF USERS". 
  35. ^ Jeff Goldman (November 20, 2012). "New Malware Targets Smart Cards". 
  36. ^ Bogdan Botezatu (November 20, 2012). "Researcher Seizes Control of Smartcard via Proof-of-Concept Malware". 
  37. ^ Jane McCallion (November 20, 2012). "Malware prototype exposes smartcard security flaws". 
  38. ^ Jane McCallion (November 20, 2012). "Proof-of-concept Malware Enables Remote Accesses To Smart Card Readers". 
  39. ^ THN (November 28, 2012). "Hardware based malware steals contacts from all mobile platforms using only the Audio Jack!". 
  40. ^ John Leyden (November 23, 2012). "Mystery Chrome 0-day exploit to be unveiled in India on Saturday - I don't want $60k, I want FAME?". 
  41. ^ samzenpus (November 21, 2012). "Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It"". 
  42. ^ http://securityledger.com (November 21, 2012). "Questions, Doubts greet Researcher’s Claim to have Chrome Zero Day". 
  43. ^ Justin Schuh (November 24, 2012). "Justin Schuh dubious of zero-day claim by Ucha". 
  44. ^ Fahmida Rashid (November 23, 2012). "Researcher Set to Disclose Chrome Zero-Day". 
  45. ^ The Hacker news (October 28, 2011). "Most advanced and dangerous malware for Apple products". 
  46. ^ Sean Gallagher, Ars Technica (December 1, 2011). "Security researcher gets root on Windows 8 with bootkit". 
  47. ^ TJD, GMAnetwork (October 29, 2011). "Kinect malware secretly takes, uploads photos". 
  48. ^ "MalCon: Malware Hacking Conference for Twisted Pen Testers – Ms Smith". November 21, 2011. 
  49. ^ J Dey (December 5, 2010). "Ethical hackers asked to learn Chinese to beat red attacks". MiD DAY. Retrieved December 26, 2010. 
  50. ^ Kohi10 (December 5, 2010). "Got Mad Hacking Skillz? Speak Chinese?". MadMark's Blog. Retrieved December 26, 2010. 
  51. ^ Uli Ries (December 8, 2010). "Hacker plants back door in Symbian firmware". The H Security. Heise Media Group. Retrieved December 26, 2010. 
  52. ^ Norman's Security Blog (December 10, 2010). "Updated Firmware Available... Oh yes, forgot to mention this: with a build in back door!". Computer Security Articles. Retrieved December 26, 2010. 

External links[edit]