I've just returned from the 21st Virus Bulletin International Conference, held this year in Barcelona. I've been going to most of them since 1996 (I first presented there in 1997). And, for quite a few years, you could fairly safely predict that some bright spark would release a new virus or variant in the hope that with some of the best brains in the industry busy making presentations and swapping stories in a hotel bar somewhere in the world, their creation would stay under the radar for a bit longer.

So I suppose it's actually not surprising that another bright spark used the combination of the #vb2011 hash tag and a bit.ly shortened URL in the hope of tricking interested parties into downloading malware. If anything, the surprise is probably that it hasn't happened more often. Except that you'd think that someone who was actually interested in the content of a specialized security conference would be fairly careful about clicking on shortened (and, therefore, somewhat obfuscated) links. On the other hand, maybe it's worth a reminder that trusting the conference is no reason to trust everything that seems to relate to the conference, any more than trusting a friend is necessarily a good reason for trusting a link he sends you.

Going back to the real conference, one of the reasons I was there was to present a paper (with AVG's Larry Bridwell) about AMTSO and other testing issues, now published on the ESET white papers page: Daze of Whine and Neuroses. Also a presentation by Aleksandr Matrosov and Eugene Rodionov on x64 bootkit strategies: see http://blog.eset.com/2011/10/07/new-white-paper-presentations-and-an-sc-mag-article.