Mikko Hypponen is one of the world's leading experts on computer viruses. His title is "chief research officer" at F-Secure in Helsinki (blog). The first time I met him, in his lab several years ago, he welcomed me with a broad smile and then proceeded to offer a horror show about viruses, trojans, hackers and data security threats in general that almost managed to convince me that the Internet was evil. Since then, we've been meeting now and then and exchanging views by e-mail, while the online world grew even scarier. In a speech he gave at the recent Virus Bulletin conference in Montreal, he detailed the origin and functioning of several dozen very creative and very dangerous viruses. With his team of virus-busters (and working alongside other teams around the world) Mikko is in a constant cop-versus-criminal race. "The criminals will always have the lead, but we're getting pretty good at reacting fast", he told me once. I e-mailed him a few questions:
Mikko: what were the scariest data security alerts of the last couple of months?
In place of widespread malware assaults, 2006 has been characterized by targeted attacks which generally do not make the headlines and which typically have a single motivation: money (consider the image below as an example). In such scenarios, a hacker may target a single company, use a cloaking device like a rootkit to conceal a backdoor and extract valuable information for his own financial gain or that of the persons interested in having access to such data.
We've worked on several such cases over the last months: one company was targeted via spoofed emails that seemed to be coming from within the company, carrying Word documents as attachments. If you opened the attachment, an invisible backdoor would open up a connection for an outsider to steal anything from that computer or from the company's network.
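The case Mikko describes combines two signals a mail gateway can check for: a From address in the company's own domain on a message that did not enter from the company's own network, and an Office document attached. The script below is an added example, not part of the interview and not F-Secure's code; the domain `example.com`, the internal address ranges, the MX hostname `mx.example.com` and both sample messages are constructed for illustration. The important detail it gets right is which `Received` header to trust: only the one written by your own MX (the topmost) records the real connecting client; any `Received` line below it was inside the message when it arrived and can be forged, so the spoofed sample deliberately carries a fake "internal" hop to fool a naive check.

```python
import email
import email.utils
import ipaddress
import re
from email import policy

# Assumptions for this example (hypothetical values, adjust to your site):
INTERNAL_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
OUR_MX = "mx.example.com"
# Attachment types of the kind the interview mentions (Word documents etc.).
RISKY_SUFFIXES = (".doc", ".dot", ".rtf", ".xls", ".ppt")

BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse(raw):
    return email.message_from_string(raw, policy=policy.default)


def connecting_ip(msg):
    """IP of the client that handed the message to OUR_MX, or None.

    Received headers are prepended hop by hop, so the topmost one was written
    by the last relay. Only the header our own MX added is trustworthy; any
    Received line below it arrived inside the message and may be forged.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    top = str(received[0])
    if f"by {OUR_MX}" not in top:
        return None            # did not come through the path we control
    from_part = top.split(" by ", 1)[0]
    m = BRACKET_IP.search(from_part)
    return m.group(1) if m else None


def is_internal_ip(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def from_domain(msg):
    _, addr = email.utils.parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def risky_attachments(msg):
    return [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(RISKY_SUFFIXES)]


def assess(raw):
    """Return a list of human-readable findings for one raw RFC 2822 message."""
    msg = parse(raw)
    findings = []
    dom, ip = from_domain(msg), connecting_ip(msg)
    if dom == INTERNAL_DOMAIN and (ip is None or not is_internal_ip(ip)):
        findings.append(f"spoofed internal sender: From is @{dom} but message "
                        f"entered from {ip or 'an unverified path'}")
    for name in risky_attachments(msg):
        findings.append(f"office attachment: {name}")
    return findings


# Constructed sample: external client, forged "internal" hop, internal From,
# Word attachment. The base64 body is just an OLE2 header, not a real document.
SPOOFED = """\
Received: from pc-home (unknown [203.0.113.45]) by mx.example.com with ESMTP id 4f2a; Mon, 2 Oct 2006 09:12:03 +0300
Received: from mail.example.com ([10.1.2.3]) by pc-home; Mon, 2 Oct 2006 09:11:58 +0300
From: "Chief Financial Officer" <cfo@example.com>
To: staff@example.com
Subject: Q3 budget - please review
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Comments by end of day, please.
--b1
Content-Type: application/msword; name="Q3_budget.doc"
Content-Disposition: attachment; filename="Q3_budget.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed sample: genuine internal mail, plain text.
CLEAN = """\
Received: from wks-042.example.com (wks-042.example.com [10.1.2.3]) by mx.example.com with ESMTP id 77c1; Mon, 2 Oct 2006 09:30:00 +0300
From: "Alice" <alice@example.com>
To: bob@example.com
Subject: lunch?
MIME-Version: 1.0
Content-Type: text/plain

Noon?
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, assess(raw) or ["no findings"])
```

Run on the two samples, the spoofed message yields two findings (the external origin and the `.doc` attachment) and the clean one none. A production gateway would replace the domain and address-range constants with its own, add SPF or DKIM evaluation for mail that legitimately originates outside, and quarantine rather than merely report.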
You say that hackers seem to be turning into attackers: no longer developing viruses and other malicious software for the beauty of it, but in order to intentionally disrupt businesses and/or make money. Fame is being replaced by fortune as motivation for writing malicious software. How strong is this trend?
It started already in 2003: that's when we saw the first for-profit malware. Today, practically all new Windows viruses are written to make money. We're no longer fighting teenagers and hobbyists. We're fighting criminals. We're fighting professionals. We're fighting organized activity.
They also seem to be becoming more sophisticated. True?
Indeed. As our enemy is now doing this "make money" thing - sometimes big money - they can afford to invest in their attack programs. This can be done, for example, by hiring unemployed Russian professional programmers to write the malware for you ...and they do the development just like any professional development is done.
How can we handle all that?
We need protection at all levels, and we need to keep the really critical infrastructure off the Net completely. We just introduced our latest weapon in this war: DeepGuard technology, that can detect malware by its behavior as it executes, making it much harder for virus writers to create new, undetected variants of existing viruses.
What kind of systems and applications do you include in the "really critical infra" that should be kept off the Net?
Electrical power plants and electricity distribution networks; water distribution; gas distribution; medical systems; military systems.
Are enterprises more aware, and better protected, than they were a few years ago?
Yes, they are ...at least in the Western world. Places like Turkey and India still have huge problems, the kind of problems we used to have here a few years ago.
How many computer viruses have been identified to date?
Over 200,000. And practically all of them are for systems running Microsoft systems.
That's why for a long time Macintosh users felt that they enjoyed somehow a higher level of protection, given the "niche" popularity of the Mac platform: but it seems that some Mac viruses have been circulating recently.
True...but then again, there are only FOUR real viruses for Mac OS X. So from this point of view, it's a better choice. Or install Ubuntu or FreeBSD on your PC instead of Windows?
What's the status with wireless viruses?
The first mobile phone virus was found in 2004. We've seen 335 mobile phone viruses so far. Some of them are really spreading in the wild, but obviously this problem is much smaller than the PC virus problem.
Where do you expect the next threat to come from? What form will it have?
Wi-Fi worms, jumping from one Windows laptop to another, reaching organizations' internal network as people physically carry the infection in, bypassing corporate firewalls.