Concept
What is the concept behind the contest?
The event involves contestants being given a sample set of malicious programs to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.
There are a number of key ideas we want to get across by running this event (see motivations for more details):
1. Reverse engineering and code analysis are fun.
2. Not all antivirus is equal; some products are far easier to circumvent than others. Poorly performing antivirus vendors should be called out.
3. The majority of the signature-based antivirus products can be easily circumvented with a minimal amount of effort.
4. The time taken and costs involved to modify a piece of known malware to circumvent a good proportion of scanners are disproportionate to the costs of antivirus protection maintenance and the losses resulting from the (often blind) trust placed in it.
5. Innovation in the AV space is desperately needed; the model of continually updating signature databases is antiquated and a bad fit for the threats which it is designed to counter. Publicity such as this contest will hopefully stimulate such innovation.
6. Antivirus is just part of the larger picture; you need to look at controlling your endpoint devices with patching, firewalling and sound security policies to remain virus free.
We are not creating new viruses, and modified samples will not be released into the wild, contrary to the belief of some media organisations.
Above all we want the contestants to have fun!