There are security conferences, and then there is Virus Bulletin. While virtually all of the presentations are from researchers working at antimalware vendors and other security companies, the talks are quite technical, and this year’s conference, which starts Wednesday in Geneva, Switzerland, features one particularly interesting speaker: Eric Davis of Google.
Davis is the man charged with curbing the abuse and poisoning of Google’s Web ads, a tactic that has become a favorite of attackers in the last couple of years. The most recent and most high-profile example of this is the incident that occurred on the New York Times home page earlier this month. An attacker running a scareware scheme on The New York Times used a third-party ad-buying service to buy ad space on the paper’s home page, using it to serve pop-up boxes from fake antivirus software.
This type of scam has become a serious problem for Google as scammers have routinely pounced on current events, such as celebrity deaths or political scandals, to direct unsuspecting searchers to malicious Web sites. That undermines the confidence that advertisers have in the system that Google uses to serve keyword-based text ads, which is one of the company’s main revenue sources.
Google is open about some things, but the company has spoken little publicly about the ways in which it is fighting this problem. Davis, whose title is head of malvertising, is scheduled to talk about “structural changes that could realign the current incentive structure to force improvements in security.” That’s a classically vague conference session description, and keynotes as a rule are dull, but given Google’s influence on the Web and, by extension, Web security, Davis’s talk looks to be worth the time.