Analysis of Anti-Virus Labs Work
Authors: Igor Agiyevich and Pavel Markov
Seasoned security researchers are used to reports in which anti-virus analysts investigate security issues. This investigation, however, is an unusual one: this time the anti-virus labs themselves are examined.
An incident that happened to fellow software developers gave the researchers a chance to observe "from the other side" how anti-virus labs actually work when they analyze suspicious software. The talk will present the toolkits anti-virus labs use to analyze potentially malicious software, as well as the signs that let real attackers detect a lab's interest in their command-and-control servers ahead of time by inspecting the incoming traffic to those servers.
Igor Agiyevich is the Deputy Head of the IT Department at the company Tchnologii Radiocontrolya. He obtained a master's degree at the Saint Petersburg State Polytechnical University, specializing in Secure Telecommunication Systems. He has spoken at PHDays III, Chaos Constructions 2011, and DefCon Russia. Igor conducts research in the field of information security; in particular, he discovered and published vulnerabilities in Agnitum Outpost Security Suite, VirtualBox, and vBulletin.
Pavel Markov is a Development Engineer at the company Tchnologii Radiocontrolya (Saint Petersburg).