Welcome to the 3rd International Conference on Malicious and Unwanted Software (Malware 2008) home page, formerly International Swarm Intelligence & Other Forms of Malware, to be held at the  Hilton Alexandria Mark Center, Alexandria, VA, USA, October 7-8, 2008.

The conference is designed to bring together experts from industry, academia, and government to present and discuss, in an open environment, the latest advances and discoveries in the field malicious and unwanted software, the techniques, economics and legal issues behind their use, and the methods to detect and control them.

This year main focus for the conference will be “the scalability problem”. Simply stated, it is the belief of the organizers that the uncontrolled exponential growth of Malware seen today in the wild negates previous advances in the field, and further puts our national infrastructure in jeopardy. Many argue that in today’s world, where million of computers connected via high speed lines can be hijacked as part of “botnets” or “swarms”, where hundreds of million of lines of code in the Operating Systems, user applications or dedicated embedded solutions are vulnerable to malicious attacks due to inherent software defects, that the battle for information assurance and against malicious code is already lost.

Simultaneously, data supporting this pessimistic view of the world has been reported by many of the major Anti-Virus and Anti-Malware companies. In effect, it has been reported that the uncontrolled and exponential growth in the number of Malware samples jeopardizes the current crop of anti-Malware products, and questions the long-term viability of security protection models. Thus, this scalability problem is real, is here now, and can have dramatic impact on the way that we use and protect our information technology in the future.

The organizers thus solicit original written contributions addressing this issue. We welcome case studies based on recent Malware events, describing large-scale responses strategies employed, tools and techniques that were used, and quantitative measurements and interpretation on these events providing insight on the gravity of the scalability problem. In addition, the organizing committee equally welcomes more traditional research contributions of a theoretical nature, including modeling and simulations, or of a more practical nature, such as in-vitro laboratory experiments and tool and technique development and testing.

The proceedings of the conference, including accepted papers, will be published as a paper and CD proceedings and will be included in the IEEE Xplore digital library.  In addition, authors from the best and selected papers will be invited to submit an extended version to a special issue of the Journal of Computer Virology, published by Springer.  These extended papers will undergo a separate review process.

In addition to the traditional industry and research tracks, this year, a third track entitled "Software Complexity the root cause of System Vulnerabilities" has been added.  This track will address the ramifications associated with ever increasing software complexity to the National and International War against computer attacks. Specifically, the following topics will be covered:

• Do we really need all that added functionality? If we do, what price are we willing to pay in terms of susceptibility to ever increasing security risks.
• Is Microsoft really that lazy? That is, when it comes to fixing known vulnerabilities.
• Case studies that analyze the tradeoffs between software complexity and vulnerabilities.