Malcon


MALCON is a premier international technology security conference focusing exclusively on proactive malware research and analysis. MalCon is a part of Information Sharing and Analysis Center, in support with the Government of India.
Executed in India by the UK based multinational media company UBM Plc that also owns the infamous Black Hat briefings, MalCon aims in bringing together Malware and Information Security Researchers from across the globe to share key research insights into building and containment of the next generation malwares. Unlike most hacker conventions, MALCON is opposed to the much debated ‘zero day’ and ‘full disclosure’. The first MalCon conference took place in December 2010 at Mumbai and Pune, India.
Many of the attendees at MALCON include security professionals, Government employees, lawyers, researchers, journalists and hackers with interest in malwares and its global impact on economy. The event promotes “proactive” research in malware coding and openly invites malcoders to come forward and demonstrate their creation.

History

Malcon was founded in 2010 by Rajshekhar Murthy, known as thebluegenius, is a science graduate and an ex-employee of Microsoft Corporation. Since the inception of MalCon, it has been widely backed by numerous government organizations such as NTRO. Eventually, MalCon became a part of Information Sharing and Analysis Center, a non-profit in support with the Government of India in 2011.

Philosophy

The event organizers have issued a FAQ that outlines their philosophy for MalCon, where they explain their objective as “Our Aim is to help the Security Industry as well as Software Industry, understand this fine ‘art’ of Malware Development so that they can build better and secure code, as well as work towards mitigating potential new attack vectors.”
In an interview to kerbsonsecurity, he quoted "While a conference can be done by inviting the best / well known security experts who can share statistics, slides and ‘analysis’ of malwares, it is not of any benefit to the community today except that of awareness. The need of MalCon conference is bridge that ignored gap between security companies and malcoders. They have to get on a common platform and talk to each other. Just like the concept of ‘ethical hacking’ has helped organizations to see that hackers are not all that bad, it is time to accept that ‘ethical malcoding’ is required to research, identify and mitigate newer malwares in a ‘proactive’ way".
Rajshekhar Murthy coined new security term “ethical malcoding” to differentiate between malcoders who work in the background independently or with various security firms for research and those who do it for financial gain; and another term "GuuWare" to describe software’s that may have similar attributes of a malware but are used for defensive purposes.

Controversies

MalCon approach of openly inviting "ethical malcoders" gained a lot of International attention and faced criticism from notable security sites and bloggers. On its part, MalCon on its FAQ maintains that “It is not about rapid analysis but about detection. Technology or not, MalCon conference or not, there are new malwares out there constantly being created. Even if the available handful of security vendors have their own team of researchers for analysis, this is not enough. Active and open participation by ‘ethical malcoders’ will help advance the research and containment capability of our existing methods”

Event format

The MalCon convention has the following format:

The Malware Comic

The malware comic was announced by the MalCon team on day of Maha Shivaratri 20 February 2012 - and stated that they planned to release Zero-days using comics. The comic is expected in two formats - a web and a printed version, where the printed version is specifically for the Indian Government officials, Intelligence agencies and Law enforcement groups, who are regular attendees at the conference.

The Malware Journal

The creation of Malware Journal was formally disclosed at MalCon 2011. The quarterly journal is in collaboration with various hacker groups with the objective of helping coders understand the art behind malcoding for offensive defense and security. This journal is also seen as a remarkable and significant point in the history and evolution of hackers and cyber warfare capabilities of India.

Notable events

MalCon 2012