Q&A: Malware and Research
by Mirko Zorz - Friday, 10 April 2009.
Roel Schouwenberg is the Senior Antivirus Researcher at Kaspersky Lab. Roel has nearly a decade of malware research and analysis experience. He monitors the state of malware in North America and provides in-depth analysis of it.

Roel focuses on the classic virus techniques used in today's malware and on improving proactive detection capabilities, and he conducts research into file format vulnerabilities such as malicious PDFs.

In your opinion, what is the real menace posed by cyber-crime groups?

It's hard to single out one particular aspect of all the dangers posed by cyber criminals. However, I would have to say the ID theft that's going on on such a large scale. One aspect of that threat is that of the many, many trojan horses out there, many go after personally identifiable information.

However, the large-scale database breaches we've seen over the last year may pose an even bigger risk. The recent Heartland breach has compromised the data of up to 100 million people. That shows that there are a couple of criminal groups out there not afraid to go for such high-profile targets.

In the US there is mandatory disclosure, but in many other countries in the world this is not the case. So it's very likely there have been other mass ID breaches that have never been disclosed.

Going along with ID theft is the fact that it may be a very painful process to get all this damage undone. In some cases it can take up to a year or longer before the bad guys are actually using the stolen data, so it may even take a long while to find out that something was wrong and track it all back.

How has the malware "game" changed in the past 5 years?

It has changed tremendously. Five years ago we were still seeing big email worm epidemics on a very regular basis. These days, with the exception of Conficker, we don't see high-profile epidemics anymore. This is because criminals generally don't want to draw any attention from anti-malware companies and/or law enforcement. What also adds to this is that today about 90% of the malware we see is not self-replicating.

The volume of malware has also changed. In 2008 we saw ten times as much malware as in 2007. In 2007 we saw the same amount of malware as in the whole twenty years before that combined. Right now we see up to 40,000 new threats per day; even two years ago that would have been very hard to imagine.

There has also been a shift in how people are writing malware. In 2004 we were already seeing the change from people writing malware for fun to writing malware for profit. These days over 98% of all the malware we see is created with profit in mind. So we're fighting professional cyber criminals rather than teenage kids trying to prove themselves like five years ago.

Is the rising skill level of malicious virus creators becoming a problem when developing antivirus software?

Ever since the anti-malware industry started some twenty years ago, threats have been getting more complex. We've always managed to cope. On the other hand, we can see that the motives for writing malware have changed. And what's probably more important is that the very good coders are selling their stuff. This means that advanced malware has become more and more common over time. However, we are constantly improving our technologies as well. These days anti-malware products are no longer just the standard signature scanners from five years ago. We have lots of different technologies to fight malware, and signatures are just a part of that.
