Battling malware in an online 'rabbit hole'

Lynn Greiner

MOSCOW Globetechnology.com

It's a jungle out in the online world. If it's not spammers trying to sell you fake designer watches and dubious pharmaceuticals, it's scammers trying to convince you to part with confidential information or delivering sneaky little downloads that scoop your banking passwords or install backdoors on your computer.

The X-Files mantra, “trust no one,” has never been more appropriate.

But here in Russia's capital, home of many of the world's most prolific malware authors, Eugene Kaspersky, co-founder of malware-fighting Kaspersky Lab, believes his company's mission is to save the world from all that.

This playful bear of a man, who has dubbed his malware analysts “woodpeckers” (because of their constant tapping on the keyboard) and given them a whimsical logo that's a takeoff on the iconic Russian double-headed eagle, is deadly serious about combatting the increasing numbers of cybercriminals plaguing the Internet.

Kaspersky Lab may not be considered mainstream in North America – though it did capture the number two spot in the U.S. anti-virus retail market in October according to the NPD Group – but elsewhere in the world it is a market leader.

But Mr. Kaspersky says fulfilling his mission is not just about developing tools and technology. “One of the key factors of success is trust,” he said. “We're doing our best to educate the market and show them how deep the rabbit hole is.”

In a word, deep. And getting deeper.

Consider, for example, the recent phish of Twitter accounts. People who fell for the invitation to check out a funny blog about them ended up having their credentials stolen, and having the phishing message sent to their followers from their accounts, perpetuating the cycle. Since many people use the same credentials for multiple services, they could have a big problem.

Malware authors target other popular social-networking services too, with things like the Koobface worm on Facebook and MySpace, which quietly ensured its author could take complete control of the victim's machine at any time. Machines compromised this way are herded into botnets and become remotely controlled conduits for spam.

“It's an arms race,” Mr. Kaspersky said of the battle between malware authors and malware fighters. “Cybercrime is a low-risk business. There's no physical contact with the victim – the criminal doesn't see the victim, or feel his hand in the victim's pocket.” Not only that, but cybercrime groups are connected, he went on, and they sell data to each other. In fact, some cybercrooks specialize in developing malware, others in using it, and still others sell the illicitly obtained data.

Even smart phones aren't immune to malware. Mr. Kaspersky's researchers have already found over 150 mobile threats, which often act by surreptitiously sending SMS messages to premium numbers owned by the scammers.

The company estimates that those per-message charges, even at one message per victim, could easily add up to $4- to $6-million (U.S.) a year, although, Mr. Kaspersky wryly noted, “They don't report their income, but they have a lot of money.”

It is known, for instance, that one malware ring employs not one, not two, but three accountants. To add to the problem, Kaspersky UK's senior technology consultant David Emm pointed out that, in our connected world, there is so much possible now that wasn't possible before that people see the potential first, and only later realize the associated threats.

“We know only too well from the last 20 years [of] history that social engineering is successful,” he said. “The persistence of it as a [criminal] strategy is explained by the fact that there's always a new hook.” For example, in 2001, the hook that conned people into opening things they shouldn't was 9/11, in 2005 it was Hurricane Katrina, in 2007 (in Europe, at least) it was floods, this year it's Barack Obama. Next year, who knows.

Those hooks persuade people to download malware that typically is used to build botnets or steal identities, according to Mr. Emm.

Anti-malware companies are fighting these threats with both the traditional signature-based products and technologies such as whitelisting (defining which programs may be run on a machine, rather than those which may not be run). They inspect websites in search results to filter out known malware sites, and use reputation-based ratings based on user feedback. Kaspersky Lab spends about one-third of its revenue on R & D.
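The difference between the two models described above can be shown in a few lines. The following is an added illustration, not code from Kaspersky Lab or any product named in this article: a signature-style denylist that blocks only hashes the vendor has already seen, beside a whitelist that runs only hashes an administrator has approved. The "program files" are constructed byte strings standing in for real executables, and the Koobface name is used only as a label for the sample.

```python
import hashlib

# Constructed stand-ins for program files; a real product hashes the on-disk binary.
KNOWN_GOOD = [b"notepad.exe build 1", b"browser.exe build 1"]
KNOWN_BAD = [b"koobface dropper build 1"]


def file_hash(program: bytes) -> str:
    """A program's identity is its SHA-256 digest; any byte change yields a new digest."""
    return hashlib.sha256(program).hexdigest()


# Denylist (signature-style): digests of samples the vendor has already analysed.
DENYLIST = {file_hash(p) for p in KNOWN_BAD}
# Allowlist (whitelisting): digests of programs the administrator approved.
ALLOWLIST = {file_hash(p) for p in KNOWN_GOOD}


def denylist_decision(program: bytes) -> str:
    """Default-allow: run anything whose digest is not known-bad."""
    return "block" if file_hash(program) in DENYLIST else "allow"


def allowlist_decision(program: bytes) -> str:
    """Default-deny: run only a program whose digest is known-good."""
    return "allow" if file_hash(program) in ALLOWLIST else "block"


def evaluate(program: bytes) -> dict:
    """Side-by-side verdict of the two models for one program."""
    return {
        "denylist": denylist_decision(program),
        "allowlist": allowlist_decision(program),
    }


if __name__ == "__main__":
    cases = {
        "known dropper": KNOWN_BAD[0],
        # A repacked variant: one changed byte, and the signature no longer matches.
        "repacked dropper": b"koobface dropper build 2",
        "approved editor": KNOWN_GOOD[0],
        # A legitimate update that nobody has approved yet: the cost of whitelisting.
        "unapproved update": b"notepad.exe build 2",
    }
    for label, program in cases.items():
        print(f"{label:18s} {evaluate(program)}")
```

The repacked dropper slips past the denylist but is stopped by the whitelist, which is why vendors are adding the latter; the unapproved update shows the operational price, since every legitimate new build must be approved before it will run.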

“The anti-virus industry is in a technical competition with cybercriminals,” Mr. Kaspersky said. “We have to develop new technologies and new approaches to protecting customers. It's a very interesting place.”
