January 22, 2007 4:02 AM PST

Cyberthreat experts to meet at secretive conference

Internet security experts are gathering at a secretive conference later this week to strategize in their fight against cybercriminals.

The meeting on Thursday and Friday at Microsoft's Redmond, Wash. headquarters is slated to bring together representatives from security companies and government and law enforcement officials, as well as others involved in network security. The agenda focuses on botnets and related topics, seen by experts as a prime threat to the Internet.

"Unlike most other security conferences, we allow only members of the different relevant groups access, and we discuss organized crime and threats across borders?with a strong lean toward how we can make things better," said Gadi Evron, an evangelist at security firm Beyond Security and organizer of the event.

Botnets are networks of hijacked computers, popularly called zombies. Cybcercrooks use these networks to relay spam, bring down Web sites, distribute spyware and perform other nefarious acts. Microsoft has fingered zombies as a top threat to Windows PCs.

In the battle between cybercrooks and those protecting the Internet, the bad guys are often at least one step ahead. Authorities are cracking down and have had successes in catching, prosecuting and convicting phishers and bot herders in recent years. But criminals are organizing better and moving to more sophisticated tactics, including the use of peer-to-peer technologies in their bot software. The gathering this week is the good guys' effort to team up.

"These events have been a great way to build trust in the security community, which can lead to collaboration and data sharing. This helps in the overall efforts to combat the cybercriminals," said Dave Jevans, chairman of the Anti-Phishing Working Group, who is slated to speak at the event later this week.

The two-day meeting is held behind closed doors. "For reasons of practicality as well as to help members feel safe to share and work in our environment, some privacy is required," Evron said. "Not everything can be common knowledge if we are to be successful in combating these threats."

It is not unusual for such meetings to be confidential. After all, it doesn't make much sense to let the criminals in on the efforts being made to catch them. Also, this isn't a new thing for Microsoft--the company regularly holds meetings at its campus that require a nondisclosure agreement.

Scheduled presentations at this week's event include two talks by Microsoft on security vulnerabilities that have no patch, known as zero-day flaws, and the software maker's response to those. There has been a significant rise in the use of zero-day bugs in cyberattacks. Criminals often exploit security holes to add PCs to their botnets.

"Microsoft will be presenting our analysis of trends and patterns in its security response process," a company representative said. "Additionally, we will be reviewing vulnerability exploitation trends, with a specific focus on the usage of zero-day vulnerabilities, to attack customers."

Microsoft also said it is "proud to sponsor the workshop, which provides an opportunity for the security operations community to discuss security trends, share information and plan for the future."

Trojan horses, phishing and spam--oh my
Aside from various talks specifically on botnets, other presentations dive into Trojan horses, new styles of denial-of-service attacks, spam, phishing and weaknesses in protection technologies such as sandboxes and virtual keyboards on banking sites, according to the event agenda.

Douglas Otis of Trend Micro plans to give a talk on how e-mail authentication technology called Sender ID could be abused to launch denial-of-service attacks, he said. Sender ID is a specification pushed heavily by Microsoft for verifying the authenticity of e-mail by ensuring the validity of the server from which it came.

Jevans of the Anti-Phishing Working Group plans to present a multiyear overview of phishing statistics and discuss new trends in the data-thieving scams, he said. These new trends include use of subdomains, more man-in-the-middle style attacks and changing attack patterns to also focus on smaller banks and payment services, he said.

Alex Shipp, a senior antivirus technologist at e-mail security company MessageLabs, is scheduled to deliver a talk on Trojan horses targeted at a small number of companies or even individual. It is an update to a presentation he gave at the Virus Bulletin conference last year. These targeted Trojan horse attacks are considered dangerous because they could evade traditional protection mechanisms trained to look for known attacks or mass attacks.

But Shipp also hopes to leave with answers to a number of questions. Ultimately, the event should better arm attendees in the fight against cyberattacks, he said

"What are the bad guys doing now and how can we stop them? Can we do better than we are currently or do we need a seismic shift in the way we do things now to solve the problems? What kind of co-operative efforts can we put in place that would benefit us all?" are some of those questions, Shipp said.

Among those scheduled to attend are representatives from security firms such as Symantec, Trend Micro and Websense, as well as people from AOL, Cisco Systems, Microsoft, Sun Microsystems and Qwest. Government and law enforcement expected to attend include the Federal Bureau of Investigation, Secret Service and United States Computer Emergency Readiness Team, or US-CERT. Various universities are also expected to send representatives.

"Cooperation at all levels, technical, legal, government, is needed to contain the problem," said Righard Zwienenberg, chief research officer at Norman Data Defense Systems, who is slated to speak on sandboxes at the event Thursday. "Without worldwide laws and cooperation, we might lose the battle in the end."

See more CNET content tagged:
conference, phishing, expert, spam, threat

7 comments

Join the conversation!
Add your comment
Education
I think that Education is key. While these companies may be competitors, I think that it is a good idea to come together towards a common cause. I would also like to see more educating the public about the risk and threats that are out there.
Posted by Michael00360 (58 comments )
Reply Link Flag
Re:Education
I completely agree about education. I work for an email anti-theft company and human error remains a considerable problem for security. Just look at the security news on sites. Everyday people send out their/others personal data out for grabs. We can protect from lots of security risks but sometimes it is up to users to take a few simple precautions.

Michael
essentialsecurity.com
Posted by MD525 (22 comments )
Link Flag
Follow the money
Stop trying to figure out how to make the system absolute proof against invasion. Go after the people who are buying bot-nets to flood inboxes with their ads.
Posted by Jimmu410 (10 comments )
Reply Link Flag
Need more action than flooding mailboxes
There needs to be some actual danger to running a botnet or buying time on one.

Perhaps if the black ops kicked down the door of a botnet operator, drug him out into the street and lopped off his arms at the shoulders?

Maybe the same for botnet buyers?

Definately would send a message they could understand without translation!
Posted by Too Old For IT (351 comments )
Link Flag
Force Telcos and ISPs to toe the line...
You remove the ability of PCs from bypassing their ISP's mail servers and you remove the bot's ability to SPAM.

By forcing the average PC to push their mail through their ISP's servers, the ISPs then can control or throttle the amount of mail comming from an individual PC.

A PC starts a spam run, then the ISP now has an incentive to block their e-mail during the run and then contacting their customer and letting them know that their PC is infected.

Or what they could do is to trace the packets to and from the PC and figure out who's controlling the bot net....

Lots of options.
Posted by dargon19888 (412 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.