The Next Attack is Bound to Come

Natalya Kaspersky

Why are there so many viruses, trojans and other malicious programs on the Internet, despite the efforts of the IT security industry?

Kaspersky: The Internet is not secure because of its history, as it developed out of an open community. This openness is in fact a good thing, but of course people started using the Web for negative purposes and started to write all kinds of malware.

At the moment, we discover completely new malware every week. This development is connected with the fact that more and more people are using computers and other devices to surf the Web. And nowadays, most enterprises are no longer able to function without email. This increasing connectivity has led to more and more attempts to use malware to manipulate computer systems or steal data for personal gain. With a trojan, it’s easier to gain access to information than it would be to break into a safe to obtain confidential documents, or for that matter money.

Who is responsible for programming and distributing malware?

Kaspersky: Today, malicious programs are primarily created by well-organized criminals who want to make money. 99 percent of malware today was programmed with this aim in mind. Activities range from the theft of passwords for online banking to the acquisition of information that can then be sold on. Of course, money can also be made with dialers, spam mail, or unwanted advertising software.

The amount of criminal malware has doubled within a year. At the moment, people are undoubtedly making several billion dollars per year with malicious programs. More and more malware is programmed professionally and at a very high level. And we can assume that the programmers are remunerated accordingly.

How are the characteristics of malware changing?

Kaspersky: The creators of malicious programs combine different technologies, and that causes us problems in terms of classification. If a Trojan horse is also distributed as a spam mail that contains a link to a phishing page, it is difficult to categorize this hybrid behavior. On top of this, every manufacturer of antivirus software has its own system of classification, which doesn’t make our joint task any easier.

Another problem is that many malicious programs are now able to hide themselves in the computer. They can make their own files unreadable for virus scanners and in some cases have active ways of working against the security software. These are fairly complex, heterogeneous creations, and this situation is bound to get worse.

In general, however, I am cautious in evaluating future trends. The more we predict, the more unlikely it is that a particular malware will actually come about. We want to avoid allowing criminals to get to know our measures, because if they do, they will be able to bypass them. One example is the development with graphical spam. For a while, these mails with attached image files were everywhere, but as soon as there were effective methods against them, the spam immediately developed in a different direction.

Can the antivirus industry keep pace with the evolution of malware?

Kaspersky: We are naturally developing our products all the time. Spam filters or software for the behavior-based analysis of malware are important components, alongside virus scanners. But anyone who thinks they are completely protected by this software must think again. There is no way of successfully combating sophisticated malware. Criminals study our measures in depth and are constantly coming up with something new. We can merely react when they attack. We can put up new walls, but we never know where and how the next attack will happen. We cannot completely seal off the computers, because users need to be able to work with them.

That sounds like something of a hopeless battle. What is it that you like about the antivirus software business, if you are always one step behind the malware?

Kaspersky: I don’t think that our position is hopeless. Being one step behind is an unavoidable part of our business. We lose the battle against malware every day, but the important question is by how much we lose it.

What fascinates me about IT security is that the field is constantly changing and always presents new challenges. At the moment, we discover almost 500 new computer viruses every day; the antivirus database has to be updated by the hour and emergency updates are common.

Another interesting thing of course is that the market for security software is growing rapidly. And in contrast to other industries, growth is not followed by stagnation. A new attack causes the market to grow again.

Can you name some examples of threats that have stimulated the market for security software?

Kaspersky: The market grew when the first virus for Microsoft Word was discovered in 1995. At that time, a virus in a document was unheard of. The first major wave of spyware five years ago was again a new threat that boosted the market. Needless to say, some manufacturers of security software also talked up the subject, making users scared of spyware. These manufacturers played on people’s fears: If they are afraid of something, they are prepared to pay money to protect against it.

What efforts are needed to meet the challenges of the future?

Kaspersky: If we are just talking about our company in isolation, it will be impossible to combat future threats. Even the whole antivirus industry together will lose the battle if it relies on technology alone. We need efforts from different spheres in order to combine our strengths against malware. Countries must implement legislation that enables online crime to be punished. Governments must introduce special police units to ensure that the criminals can actually be caught. If they do not end up behind bars, they will be writing five new viruses again the day after.

There also needs to be more education and communication. Users need to know that information on electronic devices is not secure. That goes for cell phones and PDAs in particular. Many users still think that viruses only attack computers, but they are wrong. Although cell phones are more closed systems than PCs connected to the Internet, the number of malicious programs for mobile devices is growing at an unbelievable rate. They are allowed to spread through people’s negligence. You always have to push a button to spread malware, and many people simply press this button and send the infected message. This attitude will only change if the media, experts, and manufacturers and distributors of these devices continuously inform their users.

What is the situation regarding IT security in enterprises?

Kaspersky: One major challenge is that more and more attacks are coming from the enterprises themselves. Today we often find trojans that internal employees with contact to writers of malware have introduced into the company.

These attacks are particularly dangerous because the insider knows the enterprise’s organizational structure and security system. The malware is tailor-made as a targeted attack on a specific company, and is therefore very hard to detect. The attacker can obtain and exploit information that someone outside the company might not even understand.

I have to admit that all our countermeasures here to date are insufficient. But the trend toward targeted attacks has resulted in a multilevel concept that combines heuristic methods of detection, proactive prevention measures, signature-based virus scanners, and security policies. This is a positive development, as it bridges the gap between antivirus software and internal activities in the enterprise in order to protect against illegal access to data.