Malcon
Encyclopedia
MALCON is an annual information security conference focusing exclusively on malware
. It aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker conventions, MALCON is opposed to the much debated ‘zero day’ and ‘full disclosure
’. The first MalCon conference took place in December 2010 at Mumbai and Pune, India.
Many of the attendees at MALCON include security professionals, Government employees, lawyers, researchers, journalists and hackers
with interest in malwares and its global impact on economy. The event promotes “proactive
” research in malware coding and openly invites malcoders to come forward and demonstrate their creation.
, known as thebluegenius, is a science graduate and an ex-employee of Microsoft
Corporation. Since the inception of MalCon, it has been widely backed by numerous government organizations such as NTRO
.
In an interview to kerbsonsecurity, he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and ‘analysis’ of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way".
Rajshekhar Murthy coined new security term “ethical malcoding” to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare" to describe software’s that may have similar attributes of a malware but are used for defensive purposes.
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
. It aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker conventions, MALCON is opposed to the much debated ‘zero day’ and ‘full disclosure
Full disclosure
In computer security, full disclosure means to disclose all the details of a security problem which are known. It is a philosophy of security management completely opposed to the idea of security through obscurity...
’. The first MalCon conference took place in December 2010 at Mumbai and Pune, India.
Many of the attendees at MALCON include security professionals, Government employees, lawyers, researchers, journalists and hackers
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
with interest in malwares and its global impact on economy. The event promotes “proactive
ProActive
ProActive is Java grid middleware for parallel, distributed, and multi-threaded computing. It is developed by the OW2 Consortium, including INRIA, CNRS, University of Nice Sophia Antipolis, and ActiveEon...
” research in malware coding and openly invites malcoders to come forward and demonstrate their creation.
History
MalCon was founded in 2010 by Rajshekhar MurthyRajshekhar Murthy
Rajshekhar Murthy is an Indian Information security expert and social entrepreneur. Born in Kalyan, Mumbai, on 15 May 1981, he is widely known as the Blue Genius and founder of the International Malware Conference, MalCon.-Early career:...
, known as thebluegenius, is a science graduate and an ex-employee of Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...
Corporation. Since the inception of MalCon, it has been widely backed by numerous government organizations such as NTRO
National Technical Research Organisation
The National Technical Research Organisation is a premier apex scientific organization under the National Security Advisor in the Prime Minister's Office, India. It was set up in 2004. It also includes National Institute of Cryptology Research and Development , which is first of its kind in Asia...
.
Philosophy
The event organizers have issued a FAQ that outlines their philosophy for MalCon, where they explain their objective as “Our Aim is to help the Security Industry as well as Software Industry, understand this fine ‘art’ of Malware Development (Which covers even exploits) so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”In an interview to kerbsonsecurity, he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and ‘analysis’ of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way".
Rajshekhar Murthy coined new security term “ethical malcoding” to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare" to describe software’s that may have similar attributes of a malware but are used for defensive purposes.
Controversies
MalCon approach of openly inviting "ethical malcoders" gained a lot of International attention and faced criticism from notable security sites and bloggers. On its part, MalCon on its FAQ maintains that “It is not about rapid analysis but about detection. Technology or not, MalCon conference or not, there are new malwares out there constantly being created. Even if the available handful of security vendors have their own team of researchers for analysis, this is not enough. Active and open participation by ‘ethical malcoders’ will help advance the research and containment capability of our existing methods”Event format
The MalCon convention has the following format:- Technical briefings: The main content of the submitted CFPCall for papersA call for papers ' is a method used in academic and other contexts for collecting book or journal articles or conference presentations...
, the 2010 MalCon revolved around "Malware creation in under two minutes" theme.
- Workshops: Technical workshops related to Malwares.
- The Big Talk (panel discussion): A subject for debate by experts, the Big talk in MalCon 2010 focused on 'Hiring hackers for National security', where both hackers and representatives of the Indian Government participated.
- Capture the Mal: Announced for MalCon 2011, 'Capture the Mal' is proposed to be a variant of the popular Capture the Flag contest, where security professionals will try to capture and analyze an unknown malware in a limited time.
Notable events
At MalCon 2010:- Indian government officials reportedly asked Indian hackers to learn Chinese to beat the red attacks.
- Indian hacker, and MalCon's Technical Director, Atul Alex released an updated and modified firmware for the SymbianSymbianSymbian is a mobile operating system and computing platform designed for smartphones and currently maintained by Accenture. The Symbian platform is the successor to Symbian OS and Nokia Series 60; unlike Symbian OS, which needed an additional user interface system, Symbian includes a user...
OS with a backdoor.