Can we win the war against malware?

Zatni Arbi ,  Contributor ,  Jakarta   |  Mon, 10/12/2009 2:11 PM  |  Sci-Tech

Could it be a sheer coincidence? Or could it be a sign that the competition among IT security vendors is getting hotter in Indonesia?

Or could it simply be an indication that Indonesia has become one of the world's top producers of malicious software (viruses, worms, Trojans, spam, DoS, phishing, spyware, adware, keyloggers and many others)?

Whatever it was, last week I was invited to two events hosted by two of the top five anti-malware providers. The first was an invitation to luncheon with Eugene Kaspersky, the CEO of Kaspersky Lab, and the other with two executives from Symantec who were here to launch Norton 2010.

Unfortunately, the two events were on the same date and time. I could not cut myself into two, so I was unable to attend both. And, as I had accepted Kaspersky Lab's invitation first, I went to their event.

Then, when I got home, I saw a release from AVG in my Inbox. AVG has released the free and commercial 9.0 version, which AVG claims is 50 percent faster, gives better protection and is easier to use. In addition to all that, I also received an email offer from McAfee to extend my subscription to their Security Center at a discount of 27 percent. Well, I may choose to jump ship to get a better deal, though.

These four IT security software providers are among the best in the world. However, as far as I can remember, it was the first time that the CEO and co-founder of such a company ever came to Indonesia - no surprise, as Kaspersky Lab, which started in Russia, always looked at the global market.

So Eugene was on a trip around Southeast Asia to meet directly with his users, distributors and resellers. Indonesia was the first leg of his trip, and it included a lecture titled "Taking Responsibility for the Internet" at Gadjah Mada University.

According to The Star, Eugene has challenged Malaysian students to conduct research and write papers on several new and interesting topics to be presented at "Kaspersky Lab - IT Security for the Next Generation" in Russia early next year. What I have found very interesting is the areas that the students are encouraged to delve into.

They include, as listed in The Star's report, "future ICT-related problems; psychology of cybercrime; economic structure of cybercrime; online commerce of e-crime; law and security, e.g. intellectual property rights, innovation and transfer of rights; impact, threats and incidents caused by botnets; and measuring malware and spam."

Malware makers are human beings, individuals rather than armies. So the psychology of cybercrime intrigues me a lot. What drives people to create so many hazards to other human beings who want to make good use of the godsend called the Internet? Is it really their need to actualize themselves?

To show to the world that they exist and are capable of causing damage - often irreversible?

"In the past, that was the main motive," said the 20-year veteran Eugene Kaspersky when I asked him. "Today, it is money. There is a lot of money to be made through cybercrimes."

So, not surprisingly, Eugene believes that in the future, cybercrimes are going to be increasingly more pervasive because "the freely growing online exchange of money and data has created an increasingly tempting target".

"Cybercrimes are profitable," he adds, underscoring the fact that criminals have managed to steal large sums of money. Cybercrimes are also easy to commit and, in most cases, the perpetrator does not feel guilty because he does not know the victim personally. Cybercrimes also involve a low level of risk.

Online banking, online data storage, cloud computing, online games, online trading and Web 2.0 have specifically lured cybercriminals. They write Trojans to build botnets, to steal passwords and confidential data, to launch DoS attacks and to encrypt data to extort money from the victims.

Besides, as the CEO said in his presentation, cybercrimes are going to increase because we increasingly use digital devices that run operating systems that have to be flexible but, unfortunately, also vulnerable.

We may not be aware of it, but, according to Eugene, criminals freely and openly buy and sell malicious codes. Malware is so easy to create, and the sellers of the code even go as far as offering a "money-back guarantee" for their codes.

To inject the malware, cybercriminals now use sophisticated stealth techniques. Today's leading malware transmission techniques include spam mailings and infected websites.

Therefore, it is more important than ever not to open an email message that we do not really expect, and check the safety of a website with the use of reliable Internet Security software.

Cybercriminals also focus on the effort to make their malware survive as long as possible. For example, the malware suppresses the warning messages from the anti-virus software and hides the increase in the size of the infected executable files.

With the growing technical sophistication the cybercriminals have, are we fighting an uphill battle against malware?

While the war will continue, we have reason to be optimistic. The main requirement is that we always follow safe practices when using our computer, of course.

Also, the law enforcers are getting more and more technology-savvy. Some of them are now able to analyze the malware and track down the criminals who have written it. Others work closely with IT security experts and let them do the analysis.

"We can proudly say that we have contributed in making a number of cybercriminals spend their time in prison," Eugene said, beaming.

His company was asked to serve as expert witness by the Brazilian police. "I would be very happy if we can also establish a cyber Interpol, as cybercrimes do not recognize national borders," said Eugene.

What about Indonesia? Is it a major source of cybercrimes? According to Gan Suk Ling, Kaspersky Lab's managing director for Southeast Asia, while we do produce a lot of malware and her company estimated there are 50 million attacks here in Indonesia this year, the real malware powerhouses are still countries like the US and China.

Copyright © 2008 The Jakarta Post - PT Bina Media Tenggara. All Rights Reserved.