Virus Bulletin Conference 2019: The Place-to-be


The annual Virus Bulletin conference (called „VB“ for short) is one oft he most important events of the year when it comes to threat intelligence for researchers and analysts as well as product managers and CISOs from all over the world. As usual, G DATA sent several members of their team. When they landed safely back in Germany, we asked them about their impressions and their personal highlights oft he conference.

G DATA's team at VB2019

Eddy Willems

The Virus Bulletin Conference is always the perfect match between networking, interesting talks and great content. I loved to participate again in chairing several sessions. My talk, together with Righard Zwienenberg from ESET - Oops, it happened again! - about the relation between the current and past cyberthreats, was well received by a full room audience. It’s hard to state which talk I preferred but I personally always take something with me from every talk I attend. I particularly liked the ending keynote ‘The security products we deserve’ from Haroon Meer and Adrian Sanabria from Thinkst. This was my 24th Virus Bulletin Conference in a row. What should I say more? I’ll be back!

Eddy Willems

Global Security Officer & G DATA Security Evangelist

Karsten Hahn, Malware Analyst

„Martijn Grooten, editor of the Virus Bulletin magazine and organizer of the VB conference, has put a great deal of emphasis on diversity. He listened to various groups and successfully managed to make this diversity a part of both VB’s audience as well as the roster of speakers. Among other things, he has established a code of conduct against sexual harrassment, which he pointed out explicitly during the conference’s opening ceremony. This seems to have struck a chord – the percentage of women attending the conference is significantly higher than at other conferences.  

The quality of the talks and the accompanying research papers was a bit of a mixed bag to me. There were papers that contained fundamental formal errors, such as a lack of sources cited. Some of the talks were rather heavy on the advertising side, with more of a focus on a specific product than a piece of research. Some speakers referred to detection rates without going into details either about their testing dataset or how the detection works. This makes it very difficult to glean any vital insights or ensure any reproducibility. 

One of my personal highlights was the talk about “Machete” by Veronica Valeros and Maria Rigaki. I also liked the originality of the “How to cook a crab“ talk about GandCrab by Alexandre Mundo Alguaci and John Fokker (McAfee) – they designed the talk just like a Gordon Ramsay cooking show. There were also quite a few very good non-technical talks about things like Burnout (Jamie Tomasello) and ethics in Infosec (Ivan Kwiatkowsky). I think those topics are very important, but they often did not enjoy as much of an audience as the talks about more technical topics. The research of Michal Polusny and Peter Kalnai (ESET) into Rich PE Headers will definitely be of great help for me at G DATA – and I will add Rich Header support into the PE parsing library “PortEx”.

Tim Berghoff, Security Evangelist

At the VB conference it is hard throw a USB drive without hitting at least one top-notch expert on a technical subject. But the conference also lives and breathes through non-technical topics. This year, Miriam Cihodariu’s talk titled  “The push for increased surveillance from fiction and its impact on privacy” was extremely interesting. Also, the panel on “Diversity and Data” in the infosec community with Kathi Whitbey, Heather King and Jeannette Jarvis brought new and important insights. The takeaway message here: you will only get truly diverse data if you ask a diverse group of people. 

In order to understand modern malware, it can help to look at the past, as was demonstrated in Andrew Brandt’s talk about “Retro malware”. That way I was also able to acquire a genuinely antique malware sample: a copy of the BHP virus for die Commodore 64 – on a 5.25” floppy diskette. “ 

Alexander Burris

„One of my main reaons to attend the Virus Bulletin conference each year is to meet face to face with all those people you only have email contact during the rest oft he year. Adam Haertle’s talk „2000 reactions to a malware attack – an accidental study“ was great. Though it was definitely very entertaining, it addressed a very serious issue: the failure of users to take security warnings seriously. He reported that users attempted to open a document from a spam email, despite being warned not to do so. His takeaway message: security companies should not rely on users to react correctly when faced with a security threat. According to him, there are many lessons still waiting to be learned.”

Alexander Burris

Lead Mobile Researcher

Ralf Benzmüller

„The VB conference is one of the biggest industry meetups of the infosec community. It is an opportunity to meet friends, former colleagues and future business partners. VB covers both a vast array of different topics as well as a bit of fun, sich as the official IT Security Table Soccer World Chamionship (or “Foosball”, if you are from the US). Things will get rather serious here as soon as the finals have started. The program of the conference ovvers a perfect cross section of the developments and trends over the past few years. We are no longer dealing only with PC malware. VB encompasses all of the different facets of IT security and the fight against cyber crime are present, from autonomous driving , the security of medical appliances to visualizing the activities of cybercrime groups. It would not be right to move one particular talk into the spotlight. I was especially happy for my former colleague Paul Rascagnéres (now working for Talos) to win this year’s Peter Ször Award. Again, I have taken many impressions and lots of inspiration away from Virus Bulletin – all of them will carry me safely through the rest of the year, until the next VB in Dublin.”

Ralf Benzmüller

Executive Speaker G DATA SecurityLabs

Sascha Curylo, Virus Analyst

„What I love about the Virus Bulletin Conference is the fact that you meet both old hands as well as newcomers of the AV industry and that there is lots of open dialog and exchange of knowledge. It is difficult to pick one personal highlight, though. Almost every talk was packed with lots of good information or provided inspiration.  If I was forced to pick a highlight, I would pick „Rich headers: leveraging the mysterious artifact of the PE format“ and „Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers“ as my favorites. Those have made an impression on me because they used different approaches to an old problem. I also brought a lot of new information, inspiration and a few new contacs back home with me from London.”

Alexey Podrezov, Team Lead Security Response

I started attending VB conferences in 1998, being an employee of Data Fellows (now called F-Secure). The main focus when visiting such conferences is not only attending the talks that are interesting from security or technical point of view, but also doing the social networking. As many AV companies exchange command line scanners, samples and URLs, the VB conference is the good place to find contacts in different AV companies and to agree on the exchange in person. This works way better than trying to find people who are responsible for such exchange via professional social networks like LinkedIn.

In addition, the representatives from several known test organizations (AV-Test, AV-Comparatives and of course - Virus Bulletin) are visiting the VB conference, so this gives a good opportunity to meet the marketing and technical people from these organizations and to discuss their testing methodology and their future plans for testing of our products. Meeting these people in person is always better than just exchanging e-mails. Sometimes one can get some interesting insights into the testing methods during such social interaction.

Last, but not least – the VB conference is the best place to meet the representatives from the core AV organizations, for example from CSA, AMTSO and the Wildlist Organization. During the last conference in London we had a chance to discuss the possible participation of G DATA in one of the initiatives of AMTSO – the Real Time Threat List (RTTL2). In addition, we had a chance to meet the main person behind the Wildlist – Greg Wasson. The interaction with the people from the core AV organizations is important for G DATA’s visibility within the AV community.

Hauke Gierow

Every year, the Virus Bulletin presents an exciting mix of highly theoretical but important basic research, exciting practical lectures and analyses of current threats. I also liked the Threat Intelligence Practitioners' Summit at the conference. The many lectures given by young researchers also provide targeted support for young researchers.

Hauke Gierow

Press spokesperson

Thomas Siebert

In order to protect our customers in the best possible way, we also exchange information with other security providers about the current threat situation or enter into cooperation agreements to jointly improve protection. The VB-Conference is the ideal place for this.

Thomas Siebert

Head of Protection Technologies

from Stefan Karpenstein
Public Relations Manager