“We are called an antivirus company. But this is not the case,” says Costin Raiu, a leading security expert at Kaspersky Lab in Eastern Europe. “The main threat now is Trojans. Global epidemics of worm viruses had almost stopped by 2008. Cybercriminals are now using silent, small-scale attacks, staying below the antivirus ‘radar’ of early detection, and constantly competing with each other,” adds David Emm, a leading Kaspersky expert in the UK. These and other experts from the Russian company spoke about the work of the Lab as part of an international press tour, which started in Moscow on Friday.
The end of epidemics, according to Kaspersky, nevertheless does not mean a reduced threat to computer security. The malware signature base has grown almost 3 times over the past year, from 500 thousand to almost 1.4 million. The criminals' main motivation is plain profit: gaining access to users' personal data, blackmail and extortion, forced advertising, and theft of virtual property (for example, online gaming accounts).
Beyond that, political motives also play a big role. Among such cases are the attacks on resources in Georgia and Estonia, which Vitaly Kamlyuk, a leading antivirus expert at Kaspersky Lab, attributes to the now-defunct Russian Business Network organization.
Network criminals today are not interested in destroying businesses (something victims of extortion should especially keep in mind): “normal business for victims means normal business for them,” says David Emm.
The computer crime ecosystem consists of several links: bosses (project managers), development (creating malicious code), location (infection distribution channels), management (controlling infected machines and monitoring their vulnerability to counterattacks), data theft (analyzing activity on an infected machine, spying on the victim) and money-laundering channels.

The whole process is controlled by cohesive groups. In addition, each link in the ecosystem works on a service model, offering its services to anyone. The links are connected by intermediaries: fast-moving and almost elusive one-day sites, IRC channels, etc.
All of this, says David, can be fought only by raising the general literacy of users and of the special services. In the meantime, all that remains is to develop technologies for protection against threats.
As far as possible, Kaspersky Lab is developing cooperation with software developers, helping them avoid mistakes before their products are released. For example, as Alexander Gostev, head of the global threat research and analysis center, said, they helped the creators of Mail.Ru Agent, which behaved like a typical virus in the system: it created several copies of itself in different places, opened dozens of simultaneous connections, and so on, because of which it was constantly blocked by that same Kaspersky antivirus. In addition, Kaspersky Lab worked with the authors of the popular utility Radmin.
When asked whether they wanted to offer their experience and knowledge as consulting for a wide range of software developers, as Microsoft does, for example, in promoting the SDL program, Alexander said that Microsoft first of all needs to learn how to write secure software itself. For example, the recent MS08-067 vulnerability, he says, is very similar to the hole of 4 years ago, which at one time led to an epidemic of the Lovesan, Sasser and Rbot worms.
He is also skeptical about the practice of threat modeling in the software development process. “We prefer to deal with real things,” says Alexander. At the same time, Kaspersky Lab is part of key alliances that work with Microsoft to ensure the security of its products.