| The Reference in Independent Anti-Malware Advice and Information
Subscribe | Log in

Posts Tagged ‘CARO’

The AV community mourns for Klaus Brunnstein

The Viren-Test-Center’s founder passed away in May 2015, at the age of 77 (25/5/1937 – +19/5/2015).

Brunnstein was born in Cologne and later on based in Hamburg. Working at the University of Hamburg, he influenced the computer science education worldwide. He will for sure be remembered by many colleagues, family and friends.

 A man we all will miss!

Klaus was one of the founders of CARO (the Computer Anti-Virus Research Organization), an organization that was established in 1990 to research and study malware. CARO was planning to create another official and public organization called EICAR, an organization aiming at antivirus research and improving development of security software. It was during the inaugural meeting of EICAR in Brussels, Belgium in 1991 that I’ve met Klaus for the first time.

While talking to Klaus, I got to learn about so many new aspects of viruses and that made me being even more interested in this whole matter. Some of his ideas were very controversial while some others, on the contrary, were even very conservative. His ideas inspired me in a lot of security related topics, events and publications I touched, visited and launched afterwards. At least you could say that, without Klaus and my first encounter with a Trojan horse, back in 1989, I wouldn’t have been into the security industry at all.

I still remember Klaus from his interesting discussions and points of view on a closed security forum. Actually, I still have all of his feedback in my backup system. Some of these old mails range back 19 years! I always stayed in contact with Klaus and I have met him during many security related events like the early EICAR conferences in the nineties.

During one of the latest CARO workshops, I told him about a book that I was writing and he told me that he always would be there in case I needed some advice. For that reason, I asked him, several months ago, to write an opinion chapter about the future of security for my book, called “Cyber Danger” (the German version “Cybergefahr” will be published later this year). I now do realize, that this will most probably be the last words he officially wrote in a book. Klaus will always be remembered as a pioneer. I am greatly saddened to have learned of his death yesterday. He contributed so much to the industry.

Klaus, I still owe you a copy of my book! Somewhere. Sometime.


Book Launch ‘Cybergevaar’

IT security Information for everybody

I finally did it. In the beginning of October 2013, I and the Belgian publisher Lannoo ( ) officially launched ‘Cybergevaar’ in Belgium and the Netherlands. It was not an easy job, I can tell you but I always wanted to do this. It took me about 8 to 9 months to write and finalize it. That’s also part of the reason why I didn’t blog that often anymore during that period.

“Writing a book about cyber threats in a comprehensible and comprehensive way is not an easy task, but the book ‘Cybergevaar ‘ succeeds in this”, certifies the book’s first review, conducted by a well-known Belgian IT magazine, Datanews. The book “Cybergevaar” tries to provide a very readable and very accessible overview of almost every information security related problem and malware. It reaches out to the general audience and does not only target the technically savvy reader but provides information for everybody.


“Cybergevaar” starts with an overview of the history of malware and looks into the many profiles of malware writers and hackers. One of the chapters touches the topic underground economy and is using a lot of examples to explain the involvements. It is based on a whitepaper written by G Data SecurityLabs. Furthermore, new developments in the fields of cyber attacks, sabotage and espionage are discussed and looked into from different angles. The daily threats and the myths about malware are described in a detailed way. Among this, the chapter about general security tips and tricks is interesting for everybody. The book also provides a special chapter with thorough advice for companies.

While exploring the book, the reader can find several exciting security anecdotes and entertaining situations one possibly has never heard of before. Additional clarifications are provided throughout the entire book by use of attractive illustrations and easy-to-understand graphs. High-level opinions of people with experience and interest in the ICT security industry are included: Professionals such as Natalya Kasperskaya (InfoWatch), Ralf Benzmüller (G Data), Peter Kruse (CSIS Security Group), Bob Burls (Independent IT Security Consultant) are amongst the contributors.  The book also seeks to elaborate on how governments and the media can play a role in the ‘education’ of users. Moreover, it gives an inside look into the computer security industry and organizations like AMTSO and EICAR. And, of course, ‘Cybergevaar’ does not miss the opportunity to highlight how the problem and its solutions may develop in the future, with a special chapter in the form of a short story – ‘Radical Ransom’ – set in the year 2033.

“Cybergevaar” by Eddy Willems, Lannoo, 213 pages, is now available in Belgian and Dutch bookstores and online shops.  Plans to publish this book in other languages, such as German and English, are currently being discussed.

Official Website (Dutch): and

You can also order your version of the book via this webpage:


Three importants AV industry events in a row

The month May has always been dedicated to several traditionally important security industry events of the year. G Data is always present at these events and was playing a very important role this time.

While the EICAR conference 2011 was dominated by the buzzword cyberwar, the 2012 EICAR conference, actually the 21st, was focusing on ‘Cyber Attacks – Myths and Reality in Contemporary Context’. The conference took place at the Marriott Hotel in Lisbon.
The recent past brought a considerable shift in the underground malware authors’ mentality; a swing from the thrill-seeking geek striving for flame or glory to the professional culprit methodologies and, even more importantly, the inadequate expertise of the average user, for monetary gain. The next contemporary threat scenario calls for an adaptation of the technology and the defense methodologies. Even if scientific research would provide the baseline for some innovations, we still need to have a more holistic approach on the implementation of new innovations. This conference therefore invited researchers to address some of these issues in their papers.
This year’s event was another great one and we are already looking forward to the next one, including some new initiatives from EICAR which should appear soon on the EICAR’s website. If things turn out as planned, the EICAR 2013 conference will be held in Cologne, Germany, 9-11 June 2013.  (more…)

AMTSO, CARO and EICAR – conferences and events – an overview

The beginning of May was dedicated to three traditionally important security industry events of the year. It started with an AMTSO Meeting, then the CARO Workshop followed and it ended with the EICAR Conference. I participated for G Data in all of them!

You can find the original posting of this article at the G Data Security blog.

G Data is one of the members of AMTSO (, an organization currently comprised of around 40 members, representing testers, vendors, academics and publishers involved in anti-malware research. I was at the last AMTSO members’ meeting which was held in Prague. As always, a lot of work was done during the workshops: The document “AMTSO Guidelines on Facilitating Testability” was initiated at the suggestion of testers and developed jointly by testers and vendors. The new paper is the latest in a succession of guidelines and best practice documents already published. The AMTSO members also agreed to expand the range of documentation the organization produces to include more educational material. They also introduced changes to the voting procedure to ensure that documents cannot be approved by the members unless a majority of testers agree that the content is up to standard. This step mentioned last is designed to avoid any possibility of bias in favor of any group within the organization.