Every couple of minutes around the clock, in an anonymous office block in Russia’s capital, some sort of computer malware is analysed, a defense determined and a database updated to help protect users against yet another threat.
Such is a day at Kaspersky Lab, whose anti-malware products, well-known in Europe, are now making major inroads into the North American market. In October 2008, it was second only to Symantec in the U.S. retail consumer security market according to Port Washington, NY-based NPD Group.
Much of the work is handled by automated tools – with the volume of material coming in, it’s the only effective way to handle it – but for the trickier cases, a group of young men known as woodpeckers (because of their tap-tap-tapping on the keyboard and the fact, says company co-founder and CEO Eugene Kaspersky, that they use their heads a lot) contemplate the malicious code.
Denis Maslennikov was, until recently, one of that company. He looks like an average college kid with his long blonde hair, engaging grin, camouflage jacket and backpack, and he actually is one – he’s studying information security at the Russian State University of the Humanities.
He graduates next June, and he’s completed just over a year and a half as a woodpecker.
Like his fellow birds of a feather, he spent that time alternating between day and night shifts, spending his time dissecting malware and developing signatures to combat it, usually producing a couple of hundred per shift. And, like every woodpecker, he’s out to save the world – just check out the team’s whimsical logo.
The files he looked at came from many sources – from Kaspersky’s crawlers that collect malicious samples online, from honeypots (systems deliberately set up to be malware bait), and from users who submit suspicious samples (part of the job is corresponding with those users to thank them and let them know when a bug has been stomped).
It can be intense work; Maslennikov recalls one 26 hour day exploring a particularly interesting bit of electronic vermin.
Now he’s a senior malware analyst, off the shift work – Kaspersky tries to limit its woodpeckers to 18 months in that routine – and specializes in research on mobile threats. Part of his day is spent in a specially shielded room that keeps cellular and Bluetooth malware safely contained while researchers figure it out and develop defenses.
And if you think there’s no mobile malware to research, think again. In Russia alone, in the first half of 2008, there was a 422 percent increase in mobile malicious software. The majority of it made money for its authors by sending SMS messages to premium numbers which charge the sender for each message they receive, unbeknownst to users (at least, until they saw their cellular bills).
It harkens back to the computer viruses that used to hi-jack modems and make phone calls to 900 numbers.
For example, in October, Maslennikov says, members of a 20 million user-strong Russian social network similar to Facebook received spam text messages, allegedly from friends, offering them a link to a new application that would earn them money towards their mobile accounts.
Of course, it did nothing of the kind. It linked to a JAR applet which, when installed and run, sent SMS messages to premium numbers. It was the first recorded piece of mobile malware spreading on a social network.
Since then, researchers have seen similar tactics in ICQ.
“There are ways for, in the future, mobile malicious software to become more commercial,” Maslennikov noted.
However, he added, one factor that slows down its development is the location of the majority of malware developers – China, Latin America and Russia – where mobile services, especially those which involve money transfers, are not as well developed as elsewhere in the world. Virus writers as a whole, thus, don’t really know how to use mobile services to make money – yet.
Still, Kaspersky’s analysts have already found over 150 mobile threats, and the company estimates that mobile malware can easily net criminals $4 – $6 million per year with just one text message per victim to a premium number.
“The anti-virus industry is in a technical competition with cybercrime,” Eugene Kaspersky said. “It’s two armies fighting each other. The good news is, we’re still in the same position – we don’t win, but we don’t lose either. It’s a very interesting place.”
He won’t get any argument on that point from his woodpeckers.