Kaspersky Lab: we are not an anti-virus company

    “We are called an antivirus company. But that’s not the case,” said Costin Raiu, Kaspersky Lab’s leading security expert in Eastern Europe. “The main threat now is the Trojans. The global epidemics of worm viruses by 2008 have virtually ceased. Cybercriminals now use silent, small-scale attacks, being below the antivirus “radars” of early detection and constantly competing with each other,” adds David Emm, a leading expert at Kaspersky in the UK. These and other experts from the Russian company spoke about the Lab’s work during an international press tour, which started in Moscow on Friday.

    According to Kaspersky, however, the end of the epidemics does not mean a reduced threat to computer security. Over the past year the malware signature database has grown almost 3 times, from 500 thousand to almost 1.4 million. The main motivation for criminals remains banal profit: gaining access to users’ personal data, blackmail and extortion, forced advertising and theft of virtual property (for example, online game accounts).

    Beyond that, political motives also play an important role. Among such cases are the attacks on resources in Georgia and Estonia, which Kaspersky Lab’s leading antivirus expert Vitaly Kamlyuk attributes to the now-defunct Russian Business Network.

    Network intruders today are not interested in destroying businesses (which victims of extortion should especially remember): “normal business for victims means normal business for them,” says David Emm.

    The computer crime ecosystem consists of several links: bosses (project managers), development (creating malicious code), deployment (infection distribution channels), management (controlling infected machines and monitoring their vulnerability to counterattacks), data theft (analysis of activity on the infected machine, tracking the victim) and channels for laundering profits.

    Figure: Computer Crime Ecosystem

    The whole process is controlled by close-knit groups. Moreover, each link in the ecosystem operates on a service model, offering its services to anyone. The links are connected to one another by intermediaries: nimble and almost elusive one-day sites, IRC channels, etc.

    All of this, says David, can only be fought by raising the overall literacy of users and intelligence agencies. In the meantime, all that remains is to develop threat protection technologies.

    To the best of its ability, Kaspersky Lab develops cooperation with software developers, helping them avoid mistakes even before their products are released. For example, as Alexander Gostev, head of the global center for research and threat analysis, said, they helped the creators of the Mail.Ru Agent, which behaved like a typical virus in the system: it created several copies of itself in different places, established dozens of simultaneous connections, etc., because of which it was constantly blocked by the same Kaspersky antivirus. In addition, Kaspersky Lab worked with the authors of the popular Radmin utility.

    When asked whether they would like to offer their experience and knowledge as consulting to a wide range of software developers, as Microsoft, for example, does by promoting the SDL program, Alexander said that Microsoft must first of all learn how to write secure software. For example, the recent MS08-067 vulnerability, he says, is very similar to a 4-year-old hole, which at one time led to the Lovesan, Sasser, and Rbot worm epidemics.

    He is also skeptical of the practice of threat modeling during software development. “We prefer to deal with real things,” says Alexander. At the same time, Kaspersky Lab is part of key alliances that work with Microsoft to ensure the security of its products.
