Playing chess around the clock in the war on malcoders

Eugene Kaspersky is the Head of Virus Research at Moscow-based Kaspersky Lab. Born in Novorossiysk, Russia, he graduated from the Institute of Cryptography, Telecommunications and Computer Science and worked at a multi-disciplinary scientific research institute until 1991. He began studying computer viruses in 1989, when the Cascade virus was detected on his computer.

From 1991 to 1997 Eugene Kaspersky worked at the KAMI Information Technologies Centre where he developed the AVP antivirus project with a group of associates (AVP was renamed Kaspersky Anti-Virus in November 2000). Eugene Kaspersky became a co-founder of Kaspersky Lab in 1997.

Today, he is one of the world's leading experts in the information security field. He has written a large number of articles and reviews related to computer virology and speaks regularly at specialized seminars and conferences all over the world.

At the recent Infosecurity Europe show in London, Brian McKenna caught up with him for Infosecurity.

It’s often said in the western IT and business press that organized crime is now behind malware. That it is no longer just hobbyists. And that malware comes in waves from Russia and the other former Soviet bloc countries. What’s your perspective on all of this?

The criminalization of the internet is evident. There is no need to doubt it; we have the newspaper reports, we have the police reports. It’s been an especially noticeable trend during the past three years.

Three years ago, malicious code was written by vandals. Today it’s mostly written by criminals to make money. We can’t get away from that. It is not exaggerated, not hyped. It is just like that.

I think that organized crime still isn’t quite there; my feeling is that it is just small groups or individuals. But we are starting to receive information that traditional criminals are getting interested, and the recent kidnapping of a Russian software developer in order to get him to write malicious code is an example of that.

So, it is real, but is it especially Russian?

No, all the countries have some level of criminality here, depending on the economic situation and whether the police are active or not. But, in point of fact, the biggest number of Trojans are coming from China. In second place are Spanish- and Portuguese-speaking malware writers, though that could mean Los Angeles as much as Latin America.

The developers, and IT people in general in Russia, are actually quite well paid. In Moscow – which admittedly is different to the rest of Russia – salaries for IT guys are the same as they are in Germany, and ahead of Italy and France. So, they have legal sources to make money from!

That said, Russia and Eastern Europe are number three – notably Ukraine, Kazakhstan, and Poland.

AV experts are saying that it is harder and harder to get samples of malcode since it is often deployed more discreetly now, against small, selected targets. Is that your experience?

Yes. Sometimes you get just one Trojan for one computer. We see that with banks and mobile phone companies. You get the attack developed by an insider, or developed outside but injected inside. At Kaspersky we have an anti-specific-Trojans project in our InfoWatch business.

There are more and more criminals, and more and more samples. So we need more and more qualified people, but they are in very short supply. You need very experienced people. You need something like a team of chess players working round the clock.

And there are more and more devices, too — smart phones and the smart house will come. There are more devices attaching to the network. And more operating systems in play. For example, in Germany and France you see Linux more. And there are Mac viruses being written again, too. It’s a big problem.

And the criminals pay close attention to the anti-virus companies. They use special tricks to bypass anti-virus, and they monitor the IP addresses of AV companies when they come to their sites to get samples. It is like a war.

How is Kaspersky evolving in this war?

It’s not easy. We need to have experts, who are in short supply. And what we do is try to be ready for the future threats. We try to anticipate what will happen in two or three years time.

It is often said signature-based anti-virus technology is not good enough any more because of the speed of vulnerability to exploit; and that you need to deploy technology that detects and blocks anomalous network behaviour. How do you see this?

Well, in terms of behaviour blockers, you need to realize that on the opposite side there are humans as well. If you develop a 100% heuristic scanner the hackers will immediately develop new technologies to bypass it. You can’t use heuristic technologies on their own.

You see, the hackers have time to develop their attack, and we are faced with new types of attack which we are not ready for. Yes, we need to be proactive, but we need to be very reactive too, to make the gap [between vulnerability disclosure and exploit] as small as possible. And so we are developing special techniques to get malcode samples very quickly from the internet.

Among the new generation of threats is cyber-blackmail, as exemplified by Krotten. This is where a Trojan encrypts the data on your computer, then the attacker offers to decrypt it for $300 or so. It’s a new thing; it seems the Krotten cracker was from the Ukraine, but we’ve had similar reports from the US recently. And there are new versions of these Trojans, which suggests it is working. With Krotten we broke the password. Now, my anti-virus experts, my ‘Woodpeckers’, are saying to me: “so now we’re decryption experts too!” It is all very hard!
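Kaspersky's point that heuristics and signatures need each other, and that each new layer provokes a counter-move, can be shown with a small static-scanner toy. This is an added illustration by the editor, not code from Kaspersky Lab or from the interview: the signature, the "suspicious API" list, the printable-byte threshold and all six samples are constructed for the example, and the family name "Trojan-Ransom.Example" is made up. The scanner runs a byte signature, then a brute-force single-byte XOR unpack followed by a rescan, then two heuristics as a fallback; the samples play out the arms race (plain Trojan, XOR-packed variant, rolling-key variant that defeats the unpacker, padded variant that also defeats the heuristic) alongside a benign file and its packed twin, which a heuristic-only scanner flags as a false positive.

```python
"""
Layered detection toy: byte signatures, a single-byte XOR unpack step and two
static heuristics, run over constructed samples.  Added example, not code from
Kaspersky Lab or the interview; samples, signature, API list and threshold are
all made up for illustration.
"""
from __future__ import annotations

# Constructed signature: a byte pattern assumed to be unique to one family.
SIGNATURES = {b"PAY 300 USD TO RECOVER YOUR FILES": "Trojan-Ransom.Example"}

# Constructed heuristic inputs: two or more of these API names in one body is
# treated as suspicious; a body with few printable bytes is treated as packed
# or encrypted ("opaque").
SUSPICIOUS_APIS = (b"CreateRemoteThread", b"WriteProcessMemory", b"CryptEncrypt")
PRINTABLE_FLOOR = 0.5


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes in the printable ASCII range 0x20..0x7E."""
    if not data:
        return 0.0
    return sum(0x20 <= b <= 0x7E for b in data) / len(data)


def signature_scan(body: bytes) -> str | None:
    for pattern, family in SIGNATURES.items():
        if pattern in body:
            return family
    return None


def try_unpack_xor(sample: bytes) -> bytes | None:
    """Emulate the simplest packer: try every single-byte XOR key and accept
    the one that reveals an 'MZ' executable header at offset 0."""
    if len(sample) < 2:
        return None
    for key in range(1, 256):
        if sample[0] ^ key == 0x4D and sample[1] ^ key == 0x5A:  # 'M', 'Z'
            return bytes(b ^ key for b in sample)
    return None


def heuristic_flags(body: bytes, unpacked: bool) -> list[str]:
    flags = []
    if sum(api in body for api in SUSPICIOUS_APIS) >= 2:
        flags.append("suspicious-api-combo")
    # Only an un-unpacked body can be "opaque"; once decoded we look at content.
    if not unpacked and printable_ratio(body) < PRINTABLE_FLOOR:
        flags.append("opaque-body")
    return flags


def heuristic_only_verdict(sample: bytes) -> str:
    """What a scanner with no signatures and no unpacker would say."""
    return "suspicious" if heuristic_flags(sample, unpacked=False) else "clean"


def layered_verdict(sample: bytes) -> tuple[str, str | None, list[str]]:
    """Signatures first, then unpack-and-rescan, then heuristics as fallback.
    Returns (verdict, family name or None, heuristic flags)."""
    body, unpacked = sample, False
    family = signature_scan(body)
    if family is None:
        decoded = try_unpack_xor(sample)
        if decoded is not None:
            body, unpacked = decoded, True
            family = signature_scan(body)
    flags = heuristic_flags(body, unpacked)
    if family:
        return "malicious", family, flags
    return ("suspicious" if flags else "clean"), None, flags


def xor_pack(payload: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in payload)


def rolling_xor_pack(payload: bytes, key: int) -> bytes:
    """Attacker's counter-move: the key changes every byte, so the single-key
    unpacker above never sees a valid 'MZ' header."""
    return bytes(b ^ ((key + i) & 0xFF) for i, b in enumerate(payload))


# Constructed samples (not real executables): an 'MZ' header, NOP padding,
# then the strings a static scanner would see.
PAYLOAD = (b"MZ" + b"\x90" * 14
           + b"CreateRemoteThread\x00WriteProcessMemory\x00"
           + b"PAY 300 USD TO RECOVER YOUR FILES\x00")
BENIGN = b"MZ" + b"\x90" * 14 + b"GetSystemTime\x00MessageBoxW\x00Hello, world\x00"

SAMPLES = {
    "v1 plain":           PAYLOAD,
    "v2 xor-packed":      xor_pack(PAYLOAD, 0xA5),
    "v3 rolling-xor":     rolling_xor_pack(PAYLOAD, 0xA5),
    # Readable filler pushes the printable ratio back over the floor.
    "v4 rolling+padding": rolling_xor_pack(PAYLOAD, 0xA5) + b"Copyright (c) example text. " * 4,
    "benign plain":       BENIGN,
    "benign xor-packed":  xor_pack(BENIGN, 0xA5),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        verdict, family, flags = layered_verdict(sample)
        print(f"{label:20} heuristic-only={heuristic_only_verdict(sample):10} "
              f"layered={verdict:10} family={family} flags={flags}")
```

Running it shows the shape of the argument: the heuristic-only scanner flags the packed benign file and says nothing useful about which family it found, the layered scanner names v1 and v2 by unpacking, v3 survives only as "opaque-body", and v4 is a clean miss for both. Closing that last gap means a new signature or unpacker built from a captured sample, which is the "very reactive" side of the work.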
