`
`11. vuut
`INTERNATIONAL
`
`CONFERENCE
`
`Boston Park Plaza Hotel and Towers
`
`20-22 September
`
`000001
`
`ymantec 1026
`
`Symantec v. Finjan
`
`|PR2015-01892
`
`.4
`
`000001
`
`Symantec 1026
`Symantec v. Finjan
`IPR2015-01892
`
`
`
`-(4.._}—:J._.43
`oozzzazom
`_Z1_:m_~Z>,x—J_OZ3:.
`
`.—i_..(CC
`
`000002
`
`
`
`J ngton -
`
`ks
`
`lnterlibrary Loan (Lending) _
`University of Washington‘ Libraries
`G027 Suzzallo Library
`Box 352900
`
`Seattle WA 98195-2900'
`
`LIBRARY MAIL
`
`
`
`000003
`
`
`
`VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995 - i
`
`
`Proceedings of
`
`The Fifth International
`
`Virus Bulletin Conference
`
`
`
`VIRUS BUILLET./N CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, OX14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`OOOOO4
`
`000004
`
`
`
`ii - VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995
` _
`
`Copyright © 1 995
`
`Virus Bulletin Ltd
`
`21 The Quadrant, Abingdon, OX 14 3YS, England
`
`All rights reserved. No part ofthis publication may be reproduced, stored in a retrieval system, or
`transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise,
`without prior permission ofthe publishers.
`
`No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a
`matter ofproducts liability, negligence or otherwise, or from any use of operation of any methods, products,
`instructions of ideas contained in the material herein.
`
`
`
`VIRUS BULLETIN CONFERENCE @1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, OX14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any fonn
`without the prior written permission of the publishers.
`
`OOOOO5
`
`000005
`
`
`
`FOREWORD
`
`000006
`
`
`
`000007
`
`
`
`VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995 - iii
`
`CONTENTS
`
`DAY 1
`
`Corporate stream
`
`The anti-virus strategy system
`Sarah Gordon
`
`Blessings in disguise: building out ofdisaster
`PaulDucklin
`
`Human dimension ofcomputer viruses
`Jean Hitchings
`.
`
`Fully automated response for i11 the wild viruses (FAR - ITW)
`Mike Lambert
`
`Technical stream 1
`
`The PC boot sequence, its risks and opportunities
`Jonathan Lettvin
`
`Securing DOS
`Neville Bulsara
`
`Modern methods ofdetecting and eradicating known and unknown viruses
`Dmitry Mostovoy
`
`Evaluating distributedvirusprotectionproducts
`Scott Gordon
`
`Technical stream 2
`
`Dynamic detection and classification ofcomputerviruses using general
`behaviourpatterns
`Morton Swimmer
`
`Flash BIOS - anew security loophole
`Jakub Kaminski
`
`Automatic virus analyser system
`Ferenc Leitold
`
`The problems in creating goat files
`IgorMuttik
`'
`
`Automatic testing ofmemory resident anti-virus software
`DavidAubrey-Jones
`
`Late additions
`
`1
`
`11
`
`21
`
`29
`
`41
`
`51
`
`67
`
`71
`
`75
`
`89
`
`99
`
`109
`
`125
`
`
`
`Computervirusesin heterogeneous Unixnetworks
`Peter Radatti
`
`Why do we need heuristics?
`Frans Veldman
`
`VIRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, 0X14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`OOOOO8
`
`
`
`
`
`1214/223097enslrx
`
`000008
`
`
`
`iv ° VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995
`
`..
`
`DAY 2
`
`Corporate stream
`
`A testing time
`Paul Robinson
`
`Fending offviruses in the university community: a case study ofthe Macintosh
`Judy Edwards
`A
`Recent viruses, virus writers and routes ofvirus spread in Hong Kong and China
`Allan Dyer
`
`Case study ofvirus control in a large organisation
`Lucijan Caric & Philip Kruss
`
`.
`
`Computerviruses: a globalperspective
`Steve White, Jefiey Kephart & David Chess
`
`Technical stream 1
`
`Virusprotection as part ofthe overall software developmentprocess
`Robin Kinney
`
`Harmless and useful viruses can hardly exist
`Pavel Lamacka
`
`The effect ofcomputer viruses on OS/2 and Warp
`John Morar & David Chess
`
`‘
`
`Technical stream 2
`
`Heuristic scanners: artificial intelligence?
`RighardZwienenberg
`
`Virus detection - ‘the brainy way’
`Glenn Coates & DavidLeigh
`
`Data security problems associated with high capacity IDE hard disks
`R0gerRiordan
`
`Scanners ofthe year2000: heuristics
`Dmitijy Gryaznov
`
`Computerviruses and artificial intelligence
`DavidStang
`
`Late additions
`
`The evolution ofpolymorphic viruses
`Fridrik Skulason
`
`Macroviruses — the sum ofall Ph3 3 rs?
`RichardFord
`
`UK Government certification ofanti-virus software
`Chris Baxter
`
`133
`
`145
`
`151
`
`159
`
`165
`
`183
`
`193
`
`199
`
`203
`
`21 1
`
`217
`
`225
`
`235
`
`I
`
`IX
`
`
`VIRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Cxfordshire, 0X14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`OOOOO9
`
`000009
`
`
`
`VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995 - v
`
`THE SPEAKERS
`
`WES AMES
`
`Wes Ames is a Senior Principal Scientist in Personal Computer Hardware and Operating Systems for the
`Boeing Company in Seattle, Washington. He is responsible for specific hardware and 0/S standards and
`support in the Boeing Company. Over the past six years, Ames has managed the anti-virus activities for
`Boeing, which has responsibility for over seventy thousand personal computers worldwide. These activities
`range from policy determination to technical support training.
`
`Ames has created the Boeing corporate policies necessary for reducing the risk from computer viruses, and
`is responsible for their implementation and update. He teaches anti-virus classes to technical support
`analysts, and consults with corporate customers on virus methodologies. He has lectured and led anti-virus
`discussion groups at the Law Enforcement Conference for Computer Security, and the Society for
`Information Management.
`
`DAVID AUBREY-JONES
`
`David Aubrey-Jones has been aprolific figure in the computer industry since 1980 and is an authority on
`viruses and anti-virus warfare. Aubrey-Jones has a PhD from Leeds University. In 1988, he started his own
`company, Speedlock, which specialised in copy protection, and soon became a market leader. It was through
`copy protection that Aubrey-Jones became involved with Reflex Magnetics, finallyjoining as Technical
`Directorin 1991.
`
`Aubrey-Jones is the author of disknetTM’Reflex ’s multi-layered computer security solution, which currently
`protects over 75 0,000 PCs in multi-nationals, government institutions and other blue-chip organisations
`worldwide.
`
`JI1VI BATES
`
`Jim Bates has been involved in electronics all his working life. After service as an Air Radar Engineer m the
`Royal Air Force, he worked as an Electronic Service Engineer on early computers and tabulators. When
`computer viruses appeared, he was the first in the UK to disassemble them. In 1989, he broke the code
`encryption and analysed the infamous AIDS Information Disk. This marked the start of his connection with
`the Computer Crime Unit at New Scotland Yard: he is now regularly consulted by them and other national
`and international law enforcement agencies. He runs his own company, Computer Forensics Ltd, and he is
`the designer of the DIBS copying system
`
`As well as being a respected member of Wrus Bulletin’s advisory board, Bates also belongs to the
`Computer Security Specialist Group ofthe British Compumr Society. He holds a degree in Electronic
`Engineering, and was elected a Fellow ofthe Institute ofAnalysts and Programmers in 1987. He was
`appointed President of the ruling council ofthe IAP in 1993, and is an active member ofthe Forensic
`Science Society.
`
`
`VIRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, 0X14 3YS, England.
`Tel. +44 (0)1235 555139. No part of Ihis publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`000010
`
`000010
`
`
`
`vi ° VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995
`._:____.?
`
`NEVILLE BULSARA
`
`Neville Bulsara first began programming in assembler at the age of 18. In 198 8, at the age of2 l , he
`pioneered the anti-virus movement in India by being the first in the country to take apart the Brain virus and
`write an antidote for the same. Since then, he has been at the forefront ofthe battle against viruses in India
`
`Since 1989, Bulsara has served as a consultant on the field to the Government ofIndia, some ofthe largest
`corporations in the country and various defence establishments. He considers the lack ofuser-awareness as
`the greatest factor contributing to the virus menace, and so is to be regularly found lecturing on the subject
`at user-group meetings and computer shows.
`
`LUCIJAN CARIC
`
`Lucijan Caric gained his LL.B. at the University ofZagreb. When he started to work in the area ofcomputer
`security and anti-virus measures in 1991, he already had extensive experience in the computing. He joined
`United Nations Peace Forces (UNPF) in the former Yugoslavia in 1993 and is currently the Special
`Projects Coordinator in the Information Technology Services Section. Caric is responsible for computer
`security projects and the development of major projects conducted by the section.
`
`In an effort to improve standards ofcomputer security and anti-virus protection in Croatia, Caric is also
`acting as a contributing editor to a leading Croatian computer magazine, Bug, and has taken part in a series
`ofbroadcasts about computer viruses on the metropolitan TV station.
`
`GLENN COATES
`
`Glenn Coates is 23 years old and has recently completed a BSc (Hons) degree in Computing Science at
`Staffordshire University. For his final year project, he developed aprototype Virus Description Language
`(VDL) upon which his paper at V3 '94 was based.
`
`He is now working at Security Information Systems Ltd (SISL) as a trainee security evaluator. His other
`computing interests include operating systems design, compiler writing, neural networks and human
`computer interaction. His hobbies include fitness training, parachuting and socialising.
`
`PAUL DUCKLIN
`
`Paul Ducklin’s involvement in the anti-virus field started in 1989 in South Africa, at the time that computer
`viruses firstbegan to appear there. He spent five years as the head ofthe Computer Virus Lab at the South
`African Councilfor Scientific andIndustrialResearch in Pretoria, before moving to England earlier this
`year to join the anti-virus team at Sophos Plc, the producers of SWEEP. Though a recent arrival in the EC,
`he has attempted to make his mark as a true European by eating British cheese, driving a French car, and
`riding an Italian motorcycle.
`
`ALLAN DYER
`
`Allan Dyer first studied biological viruses, graduating in Microbiology from University College, London, in
`1984. He switched fields, gaining a Master’s in Control Engineering from Sheflield University in 1987 and
`combined his skills programming in a haematology research laboratory. He first met computer viruses in
`1988 while a Systems Programmer at the London School ofHygiene and TropicalMedicine, andjoined the
`team controlling them in a number ofLondon colleges. He moved to Hong Kong in 1993, and now manages
`F-PROT Professional for Yui Kee Co. Ltd.
`
`
`
`VIRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, 0X14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`00001 1
`
`000011
`
`
`
`VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995 - vii
`
`JUDY EDWARDS
`
`Judy Edwards is a Microcomputer Software Specialist at Illinois State University, where she is a member of
`the WWW Team and an ftp site administrator. She provides Internet training and help desk support to
`faculty, staffand instructional computer labs, and also does independent Internet consulting.
`
`Edwards holds a Master’s degree in Instructional Systems Technology from Indiana University's College of
`Education, and a Personal Computer Coordinators certificate from the University ofSouthern Maine.
`
`RICHARD FORD
`
`Richard Ford obtained a BA in Physics from Queen’s College, Oxford, in 1989, and went on to study for a
`D. Phil. in Semiconductor Physics. His interest in computer viruses began during the course ofhis research,
`when the computer he was using became infected with the Spanish Telecom virus. The virus triggered,
`nearly destroying six months’ worth of results, but rather than turning to anti-virus software for the answer,
`Ford analysed the virus himself
`
`In the following year, he wrote various articles for Virus Bulletin and became editor in January 1993. He has
`since lectured and talked world-wide on the problems posed by malicious software. In April ofthis year he
`joined the National Computer Security Association (NCSA) in the US as Director of Research.
`
`SARAH GORDON
`
`Sarah Gordon, Security Analyst for Command Software Systems, Inc, has been an invited speaker at such
`diverse conferences as those sponsored by The American Associationfor the Advancement ofScience,
`EICAR, DEFCON, and Virus Bulletin. A frequent contributor to security industry technical publications,
`she is also the winner of the Sec 94 IFIP TCl 1 award for her research on social and ethical implications of
`technology: ‘Technologically Enabled Crime: Shifting Paradigms for the Year 2000’.
`
`She has recently completed research projects at Indiana University in Unix Security and in Computer Ethics.
`Current projects include ‘Development ofInformation Security Education in Developing Countries’, and
`‘Anti-Virus Product Certification Methodologies’. Sarah can be heard at the upcoming National Computer
`Security Conference in Baltimore, in October and also at Compsec in London, in November.
`
`SCOTT GORDON
`
`Scott Gordon is the Product Manager for McAfee Associates’ security solutions. Acting as the focal point
`relating to product development, positioning, delivery and support, he is a company spokesperson and
`among resident experts on issues relating to computer viruses, enterprise date quality assurance, and
`security. Gordon’s background in the computer industry spans a broad range of experience; from retail,
`channel and corporate sales to consulting and product marketing / development manager for network
`security and management.
`
`Prior to joining McAfee, Gordon was the product development manager for network security and
`management products at Cheyenne Software. Before this, he was responsible for product marketing and
`technical sales functions with ComputerAssociates International and, previously, was a product manager
`with a network technology seminar company and an independent systems consultant. He has an MBA from
`the University ofPhoenix and a BBS from Hofstra University.
`
`WRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, 0X14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`OOOO12
`
`000012
`
`
`
`viii - VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995
`jT——
`
`IGOR GREBERT
`
`Igor Grebert studied in Paris and graduated in 1989 from Ecole Centrale de Paris, with a major in
`bio-technology. He worked as a post-doctorate researcher at Stanford designing neural networks applied to
`target tracking, image analysis and automatic pilots. In 1990, he started to use his pattern matching expertise
`to help detect the growing number ofcomputer viruses. In 1993, he headed the redesign ofMcAfee’s
`VirusScan product line as manager ofthe research and development team. Today he applies his skills to
`designing enhanced anti-virus systems, integrating his years of experience in the field.
`
`DMITRY GRYAZNOV
`
`Dmitry Gryaznov was born in 1961 in Frunze, Kirghyzskaya SSR, USSR He was educated at the Moscow
`Skills ImprovementInstitute and the MoscowPhysics and Technology Institute (MPh17), where he gained a
`Unix Operating System programmer and administrator certificate and an MSc in Computer Science in 1984.
`
`Since graduating, Gryaznov has held various positions in the Program Systems Institute at the Russian
`Academy ofSciences. Earlier this year he moved to the UK, and now works as a senior virus research
`analyst with S&SInternational Plc.
`
`HAROLD HIGHLAND
`
`Dr. Harold Joseph Highland, FICS, FACM, is the only Fellow ofboth the Irish Computer Society and the
`US Associationfor Computer Machinery. The career ofthis ‘elder statesman’ ofcomputing spans over 57
`years with experience in the military, industry and academia.
`
`His professinal life started when he was designated as Honor Graduate ofhis military class and
`commissioned on his college graduation in 193 8. He served as Provost Marshall and was seconded to
`cryptographic analysis and later to intelligence analysis. In addition to working for The New York Times and
`other newspapers, Highland was a research statistician, an economist, a management consultant, a methods
`engineer, a magazine editor and publisher, a television producer and even MCed one ofhis programs. He
`also owned an advertising/public relations organization, was a dean ofa graduate school, associate dean ofa
`liberal arts college, director ofvarious computer centers, a consultant, and a classroom teacher. Likewise, he
`has worked with various government agencies and even today serves as computer security consultant to the
`Beijing government.
`
`Prior to his retirement in 1981, Highland planned a new internationaljournal, Computers & Security, the
`first issue ofwhich appeared in 1982: he was Editor-in-Chief. In 1984, his publication became the official
`journal ofInternational FederationforInformation Processing ’s Technical Committee I I on information
`security [IFIP/TCl 1]. Dr. Highland is a prolific author, who has written 27 books in the past 35 years. He
`has also published and!orpresented over 200 technical papers in various areas ofcomputing at regional,
`national and international conferences, as well as in professional journals.
`
`JEAN HITCHINGS
`
`Jean Hitchings obtained a BSc in Computer Science from the University ofWestminster in 1982 and went on
`to study for an MSc in the same subject at the University oflondon. Since January 1992 Jean has been a
`lecturer in Information Technology at the University ofNottingham. She has recently gained a PhD in
`Computer Science from the University ofEastAnglia.
`
`
`
`VIRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, 0X14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`00001 3
`
`000013
`
`
`
`
`
`JAN HRUSKA
`
`VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995 ° ix
`
`Jan Hruska is the Technical Director ofSophos Plc in Oxford. A graduate ofDowning College, Cambridge,
`he gained his doctorate at Magdalen College, Oxford. In April 1980, he formed Sophos with Dr. Peter
`Lammer as a computer design partnership: the company was incorporated m 1987 and specialises in data
`security. He is a co-author (with Dr Keith Jackson) of ‘The PC Security Guide’, published by Elsevier, and
`‘Computer Security Solutions’, published by Blackwells. He is the author of ‘Computer Viruses and
`Anti-Virus Warfare’, published by Ellis-Horwood. Hruska regularly speaks at computer security
`conferences and consults on a number of security aspects, including virus outbreaks. His extra-curricular
`interests include flying, skiing, scuba-diving and piano-playing and he is an ex—member ofMensa.
`
`JAKUB KAMINSKI
`
`Jakub Kaminski graduated and received an MSc in Electronics from Warsaw Technical University in 1986.
`He went on to work for the Institute ofFundamental Technological Research, at the Polish Academy of
`Sciences, spending most ofhis time doing system programming and working in different assemblers.
`
`In 1992, Kaminski moved to Australia and started working for CYBEC. He disassembles new viruses and
`incorporates them into CYBEC’s VET. In June 1995, he joined the Virus Bulletin team as Technical Editor.
`
`ROBIN KINNEY
`
`Robin Kinney has dedicated nearly his entire career to devices used for treating cancer. The last nine years
`he has spent in software management of Varian Oncology Systems, where he has managed both departments
`and projects.
`
`Kinney is an advocate ofsoftware process improvement. He led the effort within Varian Oncology Systems
`for ISO-9001 certification, and has spent more than a year as chair ofthe Software Process Improvement
`Committee within that organization.
`
`PAVEL LAMACKA
`
`Pavel Lamacka graduated in 1971 and, in 1983, gained a degree in computer science from the Slovak
`Technical University in Bratislava. He has worked at several research institutions, mainly in software
`engineering, taking part in work on software - including a real-time operating system for the first Slovak
`control computer. He was a member ofthe team which designed and implemented the BPS programming
`system based on a MODULA-2-like programming language (this system was used for years on IBM
`mainframes and DEC minicomputers) and has also worked on a perspective block-building programming
`system.
`
`In Spring 1988, he encountered and disassembled his first virus and gave his first lecture on viruses and
`other computer infiltration means. Since then, he has been active in computer security, initially as a
`consultant, later as an author of computer security products. Lamacka is currently the Head ofthe Computer
`Accidents Research Center, which he formed in 1992 and which is based in HTC, a large private computer
`company.
`
`IVIIKE LANIBERT
`
`Mike Lambert is Electronic Security Manager at Frontier Corporation. He has been involved with computer
`viruses since 1988; doing analyses, testing products and assisting in cases ofvirus infections. He has
`written other papers on Disaster Recovery Disks for the PC and fatal DOS vulnerability.
`
`VIRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, OX14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`OOOO14
`
`000014
`
`
`
`x - VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995
`
`
`FERENC LEITOLD
`
`Ferenc Leitold graduated from the Department of Informatics atBudapest Technical University. Having
`completed a three year post-graduate course at the university, he is now in the process ofdoing a PhD on
`the mathematical modelling ofoperating systems and computer viruses.
`
`Leitoldjoined the fight against computer viruses in 1988, with the appearance ofthe first virus in Hungary
`(Cascade). He is a founding member ofthe Hungarian VirusBuster Team, operating under the aegis of
`Hunix Ltd. Their anti-virus product, VirusBuster for DOS and NetWare, is sold throughout Hungary.
`
`JONATHAN LETTVHV
`
`Jonathan Lettvin has been Lotus’ anti-virus principal investigator for six years. He developed all ofthe
`company’ s anti-virus policies and procedures. He also created the Lotus ‘Release Engineering Anti-virus
`Laboratory’ (REAL): this is responsible for examining all Lotus products for viruses before shipping.
`REAL has an unblemished record ofpreventing viruses being shipped in Lotus products.
`
`Lettvin has been programming for many years, and views his anti-virus work at Lotus as strongly influenced
`by his training at MIT, medical school and Bell Labs, as well as some beneficial professional partnerships.
`
`0verByte was incorporated to develop and market products based on Lettvin’s experience fighting viruses in
`the Lotus corporate environment. Lotus has been generous in granting all commercial rights for
`DisQuick/ViRemove to 0verByte and is its first and best customer.
`
`DMITRY MOSTOVOY
`
`Dmitry Mostovoy was born in 1962, in Moscow. He graduated from the MoscowAviation Institute,
`specializing in Space Science, and then worked at the Keldysh Institute ofAppliedMathematics at the
`Russian Academy ofSciences, on the dynamics ofthe re-entry ofspace vehicles. Mostovoy participated in
`the Russian orbiter ‘Buran’ project
`
`Mostovoy obtained a PhD degree in theoretical mechanics and, in 1989, became interested in the computer
`virus problem. Since 1991, he has been a leading anti-virus designer at Dial0gueScience Inc, and the author
`of one ofthe renowned Russian anti-virus utilities, ADinf, a data integrity checker. Mostovoy is also an
`
`active yachtsman.
`
`IGOR MUTTIK
`
`Muttik Igor was born in Moscow in 1962. He graduated from the Physics Department ofMoscow State
`University in 1985, where he subsequently worked on low temperature physics and used computers in
`physics experiments. In 1989, he received a PhD in physics and mathematics from Moscow University. He
`then worked on the use ofcomputers in education and experiments, and published more than 50 scientific
`articles in various Russian and international magazines. In 1988, he became interested in computer viruses,
`although this anti-virus activity was just a hobby.
`
`A programmer and a researcher, Muttik has developed an interest in the fundamental investigation of
`viruses. He is especially engaged in complex polymorphic, armored and multi-partite viruses. In 1994 he
`joined CAR0. In August 1995 he was appointed Virus Research Analyst at the Virus Laboratory ofS&S
`International Plc, in Aylesbury, UK
`
`
`
`—
`
`VIRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, OX14 3YS, England.
`~ Tel. —+44 (0)1235 555139. —No—part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`OOOO15
`
`000015
`
`
`
`VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995 ° Xi
`
`PETER RADATTI
`
`Pete Radatti is the founder and President of CyberSofi, Inc, manufacturers ofVFind, the antivirus software
`product which executes on Unix systems. VFind simultaneously scans for Unix, MS-DOS, Macintosh and
`Amiga destructive software while providing cryptographic integrity to filesysterns.
`
`ROGER RIORDAN
`
`Roger Riordan graduated in Electrical Engineering from Melbourne University in 1954. After two years
`with English Electric in the UK, and some years with CSIRO, he set up CYBEC Electronics in 1973. At
`CYBEC, he designed a wide range ofscientific and industrial equipment. Hejoined Chisholm Institute of
`Technology as a lecturer in Electronics in 1983, and became involved with computer viruses in 1989, when
`the PC labs were paralysed by an outbreak ofthe Stoned virus. He wrote the first version ofVET to counter
`it, and gave it to the students as shareware.
`
`Riordan has attended a number ofinternational conferences, and published several papers on his work
`related to virus research. He is a member of CARO, the intemational anti-virus research organisation.
`
`PAUL ROBINSON
`
`Paul Robinson, Editor ofSECUR.E Computing magazine, has a long track record writing about security
`issues and related solutions. Prior to assuming the editorship, he wrote for many ofthe top UK computer
`and business magazines. SECURE Computing is an international securityjournal with one ofthe largest
`circulations ofa publication in its field.
`
`FRIDRIK SKULASON
`
`Fridrik Skulason received a BSc fiom the University ofIceland. In 1987, he started his own software
`company in Reykjavik, specialising in programs tailored for Icelandic needs. Skulason became involved in
`computer viruses in early 1989, when they first appeared in Iceland. He is the author ofF-Prot anti-virus
`software and is a former Technical Editor of Virus Bulletin.
`
`DAVID STANG
`
`David Stang has been involved in computer security for several years, and is currently the Chief Technical
`Officer for Norman Data Defense Systems, Inc. He was the founder ofthe National Computer Security
`Association (NCSA) and also founder and chairman ofthe International Computer Security Association
`(ICSA), the umbrella organization for the NCSA. He is the author of several books on computer security
`including Norman’s ‘Computer Virus Handbook’, and co-author (with Syliva Moon) of ‘Network Security
`Secrets’. Stang edited Wrus News and Reviews (VNR), ajournal which was published monthly throughout
`1992. He is also a member of the editorial board and columnist for InfoSecurity News, and has contributed
`over 160 articles to the computer trade press.
`
`Stang holds a PhD from Syracuse University, an MS from the University ofToronto and a BS from Cornell
`University.
`
`MORTON SWIMIVIER
`
`Morton Swimmer was born in New York City, USA. Afier moving to Germany, he studied first in England
`and then at the University ofHamburg, Germany. He is currently close to completing his Master’s degree in
`Computer Science (Inforrnatik).
`
`WRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 2'] The Quadrant, Abingdon, Oxfordshire, OX14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a reuieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`OOOO16
`
`000016
`
`
`
`xii ° VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995
` m
`
`Swimmer has been a member of the Virus Test Center at the University ofHamburg since its inception in
`1988. He has also managed S&S International (Deutschland) GmbHas well as working in the Virus Lab at
`S&S International Plc, UK His research interests are in computer and network security, ir1 particular
`computer viruses and worms.
`
`IAN WHALLEY
`
`Ian Whalley has been Editor of Virus Bulletin since April 1995; before that he worked at Sophos Plc
`developing an anti-virus solution for Windows NT. He is a graduate ofManchester University (1994),
`where he studied Physics and Computer Science, and it was here that he first became interested in the field
`ofcomputer security. He maintains a keen interest in viruses on the new generation ofPC operating
`systems, not least Windows NT.
`
`STEVE WHITE
`
`Steve White received a PhD from UCSD in theoretical physics in 1982, and since then has been at the IBM
`Thomas./'. Watson Research Center. He has had articles published on avariety of subjects, including
`condensed matter physics; optimization by simulated annealing; software protection; computer security and
`computer viruses. White holds several patents in security-related fields. He organized and now manages the
`High Integrity Computing Laboratory atIBMResearch, where he is responsible for the research and
`development ofIBManti-virus products. His research interests include the long-term implications of
`computer viruses and other self-replicating programs in distributed systems.
`
`RIGHARD ZWTENENBERG
`
`Righard Zwienenberg is the Research & Development Manager ofComputer Security Engineers Ltd. He
`started dealing with computerviruses in 1988 after encountering the first virus problem on a system at the
`Technical University ofDelft. His interest thus kindled, Zwienenberg has studied virus behaviour and
`presented solutions and detection schemes ever since - initially as an independent consultant and later, in
`1991, with CSE. His interests have now broadened to include general security issues, such as network
`protection and intemet firewalls.
`
`
`
`VIRUS BULLETIN CONFERENCE ©1995 Virus Bulletin Ltd, 21 The Quadrant, Abingdon, Oxfordshire, 0X14 3YS, England.
`Tel. +44 (0)1235 555139. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
`without the prior written permission of the publishers.
`
`OOOO17
`
`000017
`
`
`
`VIRUS BULLETIN CONFERENCE, SEPTEMBER I 995 ° xiii
`
`THE DELEGATES
`
`(asof29/08/95)
`
`Emmanuel Areola
`
`EBA Communications
`
`UK
`
`Sqn Ldr Mark Baker
`
`RAF High Wycombe
`
`Philip Bancroft
`
`Digital Equipment Corporation
`
`UK
`
`USA
`
`Pavel Baudis
`
`Ken Bauman
`
`Richard Beard
`
`Alwil Software
`
`Czech Republic
`
`Computer Security Consultants Inc
`
`State Street Bank
`
`USA
`
`USA
`
`Germany
`
`USA
`
`USA
`
`USA
`
`The Netherlands
`
`UK
`
`USA
`
`Germany
`
`Iceland
`
`UK
`
`USA
`
`USA
`
`Juergen Benz
`
`Deutsche Telekom AG
`
`Joseph Bemfeld
`
`Merrill Lynch
`
`Daphne Bertrand
`
`United Parcel Service
`
`Derril Bibby
`
`Robin Bijland
`
`Pat Bitten
`
`Jim Blackwell
`
`Peter Bohm
`
`Texaco Group Inc
`
`ESaSS GmbH
`
`S&S International
`
`US Department ofAgriculture
`
`NoVIR Data
`
`Vesselin Bontchev
`
`Frisk Software International
`
`Kevin Bosworth
`
`British Telecom
`
`Adrienne Botti
`
`Donald Boyd
`
`Department ofthe Navy
`
`New York Times
`
`Carl Bretteville
`
`Norman Data Defense Systems
`
`Norway
`
`James Brown
`
`Charles Brown
`
`Fidelity Investments
`
`Keiretsu Institute
`
`Torri Buchwald
`
`Pratt & Whitney
`
`John Butler
`
`The Automobile Association
`
`USA
`
`USA
`
`USA
`
`UK
`
`WRUS BULLETIN CONFERENCE ©1995 Virus Bulletin L