Q&A: Malware and Research
by Mirko Zorz - Friday, 10 April 2009.
What do you see as the biggest online security threats today?

As referenced before the ID stealing malware is a great threat. The other major malware threat that is currently out there is called rogue anti-malware. This rogueware pretends to be an anti-malware product and produces all sorts of fake detections. If you want to remove the threats you need to pay up. This approach seems extremely effective and a lot of unsuspecting users, thinking they are doing the right thing, are falling for it.

Social networks also need to be mentioned here. There is a lot of danger in these networks. People are giving out a lot of information which can (indirectly) lead to spear phishing attacks on them or their friends. Social networks are already being used for the spread of malware and it's been reasonably successful. We can pretty easily warn user for this type of threat. But when it comes to the information disclosure issue it's very hard to educate people as there is not a lot of direct public proof of these attacks. This means that many people feel that the threat is overblown.

Based on statistics you collect, what countries stand out in malware production?

Before I can answer this question I need to clarify something. We can normally tell if malware has been created by a Chinese malware author. But as many of the malware authors are selling their creations we can't really say for sure who's responsible. The same goes for malware hosting. So we may see a malware sample originally authored by a Russian on a Chinese hosting server while the buyer of the trojan is German.

With that said we definitely see China as the main source at about 60% of the malware samples. This is followed by Russia/Ukraine and Latin America. From Latin America we are mostly seeing banker Trojans and phishing. China has gone from producing password stealers for online games such as World of Warcraft to a more generic offering. Russia has always been quite generic, with a focus on spam. It also still looks like the most advanced malware comes from Russia, but the Chinese malware authors are definitely working on that area.

As worms like Conficker steal headlines and get picked up by mainstream media, do you see organizations getting smarter and protecting their networks?

What we see first of all is that the cyber criminals are getting better at protecting their botnets. That's a logical development which is providing new challenges for the security community. However I'm not that sure that legitimate businesses are learning at the same pace. A lot of the Conficker epidemic could have been prevented if ISPs had taken better care to protect the consumer networks.

Also the current economic situation is not helping, with businesses trying to cut costs. However in that regard I think that most businesses will have reconsidered any security budget cut after getting hit by Conficker. Overall it may have improved things a bit in the bigger companies, but not so much in the smaller. I think it's regular business. Businesses getting hit with malware will try to improve, businesses not hit will think they are doing alright. For businesses it doesn't matter if a threat is called Conficker or Agent, they simply don't want to get infected.

Where do you see the current security threats your products are guarding against in 5 years from now? What kind of evolution do you expect?

That is actually extremely hard to predict. To make an accurate statement about it you need to factor in a lot of different things. Where will the internet be by then? Will there be involvement and responsiveness from law enforcement and if so, how much? And so on.

In any case the threats will go where the money is. In five years mobile banking will be very standard and therefore we will see a lot of malware for mobile devices. If Apple's market share continues to grow the same will apply to Apple operating system. Online games will still be big so there will still be a lot of malware targeting those games and gamers. Overall a lot will depend on how well law enforcement will be able to track down cyber criminals all across the world.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th