
CA Security Advisor Research Blog

Find out what our research team is saying about the latest security threats in the CA Security Advisor blog

The fight between VXer and AVer at XCON 2007

Founded 6 years ago, XCON is a top-level hacker conference in China. It is hosted by xfocus, a famous hacker group, and sponsored by several security companies, such as NSFocus, Venus Tech and Microsoft.

 

A variety of computer security topics are presented at XCON, but the audience prefers vulnerability discovery and malware-related techniques.

 

At previous XCONs, virus writers (VXer) showed the techniques used to write trojans, backdoors, and rootkits as well as polymorphic and metamorphic viruses. Anti-virus researchers (AVer) showed the techniques used in anti-virus engines, containment of Internet worms and forensics on viruses. The fight between VXer and AVer is always a hot topic at XCON.

 

This year, the representative for VXer was a junior college student in China. He pointed out the faults in the heuristic detection techniques of each anti-virus product, including Kaspersky, Norton, and Jiangmin, and presented methods to bypass the heuristics of every product, one by one. Undoubtedly, anti-virus software vendors need to continue to work rapidly and diligently on their active anti-virus techniques.

 

The representative for AVer was an engineer from the AST development team. AST is an anti-virus engine, developed from scratch and finished in half a year by Zhiqiang Dong with a team of fewer than 10 people. As we know, a major challenge for anti-virus software is handling packed viruses. A virus packed with a packer has to be regarded as a unique variant of the original virus, so each packed copy needs its own signature. If the virus can be unpacked during real-time scanning, only one signature is needed. AST introduced an unpacker that attracted interest and showed promise for the AST team.

 

There is no victory or defeat in the fight, but Chinese VXer and AVer showed their talents in this field. A Microsoft researcher said at the conference that a Chinese intern student wrote a powerful generic unpacker for Microsoft in 3 months. The story lends weight to the view that China may become the primary battlefield for AVer vs. VXer in the near future.
