Antivirus outbreak hits Toronto

Months after the Severe Acute Respiratory Syndrome (SARS) epidemic paralyzed this picturesque city, Toronto this week opened its arms to a different kind of virus outbreak – this time of computer virus experts.

Two hundred and fifty of the world’s top antivirus researchers have gathered this week at the city’s Fairmont Royal York hotel for Virus Bulletin 2003, the thirteenth annual gathering of international antivirus researchers.

“You’ve got pretty much every antivirus expert in the world right here in this room” said David Perry, global director of education at Trend Micro Inc., at a cocktail reception Wednesday to kick off the two day conference. “What we need now is a worm outbreak!”

At this year’s conference, presentations on criminal investigations, instant messaging threats and human behavior analysis fill the conference schedule, competing for attention with more technical discussions of antivirus scanning engine performance and polymorphic virus code.

Spam is a top concern among attendees, who include security representatives from major U.S. corporations such as Fidelity Investments Inc., Wells Fargo Co. and Ford Motor Co., leading universities and state and local governments.

At a technical presentation entitled “Spam – what does the future hold?” Costin Raiu of Russian antivirus company Kaspersky Labs Ltd. highlighted some of the latest techniques that spammers use to fool antispam products, including phony Pretty Good Privacy (PGP) signatures, faked excerpts from previous correspondence and spam pitches hidden in image file attachments.

User education is a recurring theme in presentations this year, as it has been in previous years.

David Phillips, a member of the Faculty of Technology at The Open University in Milton Keynes, England, described an online course that will teach Open University students about the danger of malicious software, or “malware.” The course is scheduled to be offered in May 2004.

In a presentation of the results of a study comparing the motivation of computer hackers and virus writers, Sarah Gordon, a senior research fellow at Symantec Corp., said that companies and governments must begin spending more time and money to educate young children about the possible consequences of actions performed online, such as releasing a computer virus.

Hosted by the monthly antivirus industry publication Virus Bulletin (see, the conference began Thursday and ends Friday. It strikes a more intimate tone than similar conferences such as the Black Hat Briefings and DefCon, which bring together computer hackers each year, according to Bernadette Disborough of Virus Bulletin.

At a cocktail reception Wednesday evening, “old guard” techies sporting pony tails or wearing suits and ties rubbed elbows with 20-something antivirus enthusiasts sporting jack boots and t-shirts.

For many of those gathered, such as Richard Baldry, of Sophos PLC, the conference is a yearly ritual and an occasion to catch up with old friends within the small and insular antivirus community.

Others use the show as a way to bolster business. Attending his fifth Virus Bulletin show, Steen Pedersen, a product manager at IT services company Ementor Danmark A/S, said he uses the conference to learn about cutting edge ideas and technology that can help his company’s customers understand and cope with virus outbreaks.

One new technique that was highlighted at last year’s Virus Bulletin show, open source technology developed by Nortel Networks Corp. called an SMB-Lure, helped Ementor customers identify and treat infected machines on a corporate network, Pedersen said.