Virus Bulletin Conference #31: Is it "Fool Us”, or is it “Us Fools”?


The annual Virus Bulletin International Conference has been running since 1991 and is one of the highlights in the calendar of events for IT security experts. I attended the Virus Bulletin Conference for the first time 26 years ago, this year it’s time again to participate with an interesting paper and presentation.

My favourite conference

For me the Virus Bulletin conference is one of the most important events of the year when it comes to threat intelligence and research for researchers, analysts, product managers and CISOs from all over the world. The VB Conference has always been the perfect match between networking, interesting talks and great content. If you never attended it, try to watch the conference this year online as it is a second time free event (due to Corona) packed with a lot of special features. A lot of colleagues of G DATA will be attending the event of course this year virtually. I will be presenting at this year’s virtual conference as well and together with my good friends experts we reserved already a semi-virtual (partly at my home, partly online) gala dining table, as always, on Thursday evening.

This has been always my favourite conference to attend each year. The content is always good, the organization is one of the best and you always walk away with more knowledge than you had when you went in. I love it how it how they bring deep technical talks for researchers but also offer useful information for enterprises. COVID restrictions notwithstanding, in the past you always can have more deep conversations with the best security experts in the world, making VB even more worthwhile attending.

You probably noticed by now that I love this conference which I’ve attended for the past 25 years. I wrote a nice G DATA blog about it last year how I remember the beginnings of VB.

Speaking and writing

I spoke several times at this conference and wrote several whitepapers for it like:

Remember that it is fairly common in the security industry to work together on a whitepaper with several other researchers from other security companies or academia. Even though we all might work for different organizations, the security industry has always understood that sharing and pooling expertise is the best way forward for everyone involved.

“Fool Us”, or is it “Us Fools!”?

Eleven years ago, me and my good friend and veteran researcher Righard Zwienenberg, gave a presentation titled “Attacks from the inside…” at the Virus Bulletin 2010 Conference in Vancouver. We outlined and provided examples of a variety of possible scenarios for internal attacks. We concluded with a top nine problems of “in-the-cloud services”. Now, 11 years later, both of us were surprised that our warnings seem to have been completely ignored, even though each and every one of our predictions had materialized.

In this presentation, we will “relive” our 2010 presentation, while illustrating with recent examples that our message and warnings are as current and relevant as they were then. Nothing changed, except that internal attacks now also come from the outside!

Due to the COVID-19 pandemic the corporate world changed, with “home office” meaning inside and outside becoming mixed. In a recent incident, eight of the top nine problems we identified 11 years ago were present, and all were foolishly ignored by professionals working from home. We considered naming the presentation “Attacks from the inside, by the outside…”, but as lessons learned and advice given in 2010 by “Us Fools!” seem to be ignored, must we assume that no one cares and really thinks “Fool Us!”?

We genuinely hope that our message, combined with recent real-life examples, will not go unheeded (again). So if you want to hear and see more about the never ending inside attacks and cloud problems, this presentation is a must for you!

Here ‘s the link to our presentation on the Virus Bulletin’s conference website  (co-authored by Righard Zwienenberg (ESET) and Eddy Willems (G DATA) “Fool Us”, or is it “Us Fools!”? … 11 “Fools” years later….

After the presentation our paper and the video will become available online as well.
You will be surprised ‘how’ we created the presentation, just watch! I really hope to be there next year ‘in real life’ again post-Corona.

Don’t forget to register!

VB2021 localhost is the second online version of the annual Virus Bulletin International Conference. Featuring the latest and best research on malware, malicious actors and threat intelligence, with live streamed content for 2 days as well as a comprehensive library of on-demand presentations. The conference will be broadcasted live for 4.5 hours each day, from 16:00 to 20:30 UTC. You will be able to join anytime, and re-watch, rewind or pause the live stream. This year there will also be an option to take part in workshops.

  • What: VB2021, the 31st Virus Bulletin International Conference
  • When: 7 - 8 October 2021
  • Where:
  • Programme now available to view
  • Registration is open