Symantec intensifies fight against PC viruses

A BUSINESS park in Blanchardstown is an unlikely battlefront in the war on cybercrime but for eight hours a day, every day, a security response team watches for signs of suspicious activity.

Unfortunately, they seldom have to look far: since 2007, there has been a 265 per cent increase in malware – the industry’s name for viruses, worms and assorted programs that can infect PCs.

“In 2008, we produced more antivirus signatures than we did since the beginning of Symantec,” said Kevin Hogan, director of Symantec’s response centre.

Symantec, the world’s largest security software company, operates the site in west Dublin, the largest of three such security response centres along with Culver City in the US and Tokyo in Japan. The team deals with security problems reported by customers, in addition to scanning the internet for new threats.

The nature of those threats is changing, added Mr Hogan. “A virus like Netsky or Bagle in 2005 was a single-file threat and was in itself a single attack.

“In 2009, we’re talking about multiple files in a single attack. You get these chains of files used to achieve one end result.” That could be a malicious file downloaded from a website which, more often than not, is used to steal from the victim.

“It’s more dangerous because the payload does more damage than five years ago, when a mass mailer would just chew up your network bandwidth and annoy you. Now the payback is to take money from you,” said Mr Hogan.

In a demo, Symantec virus analysts showed a file posing as antivirus software telling the user their PC is riddled with infections and demanding up to $100 to delete the offending files. In reality, the computer was never infected at all – it’s just a scam.

Senior security response engineer Seán Kiernan said social engineering tactics are a common way of fooling people into downloading malicious programs.

The lure of a free game, program, or a video file could include a hidden piece of code that is installed without the user knowing.

“With these bundled applications, you get a game and a whole lot more besides,” he said.

Other threats include keystroke loggers that check PCs for credit card or bank account codes.

In the face of such threats, some commentators believe traditional antivirus is obsolete. Mr Hogan acknowledged that the software has to change and the industry is looking at better ways of preventing attacks.

Intrusion prevention systems are being included as a way of preventing people from running a file that could contain malicious code.

A bigger problem for the antivirus industry is its standard practice of operating a blacklist of known malware programs. This is difficult to maintain in the face of constantly emerging threats. Categorising all the good programs isn’t an option either for the same reasons.

Symantec has come up with a different approach: in the same way as visitors to Amazon or iTunes rate books or music for others, Symantec can survey close to 30 million customers anonymously online, using a series of criteria to assess whether a program is benign or malicious.

“If a piece of software is installed on millions of machines, it’s probably good since malicious code is designed to be stealthy,” said Thomas Parsons, senior manager for quality assurance with Symantec.

Since the scan automatically excludes known good files, this will reduce the time needed to run an antivirus scan, which, though necessary, often slows down a PC’s performance.

More importantly, it should also reduce the chances of infection since the software will be able to stop suspicious files before they have a chance to attack a PC.

“Where we have high confidence the file is bad, based on reputation alone we will block the file,” added Mr Parsons.
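One way to implement the prevalence-based reputation scoring described above, as an added illustration that is not Symantec’s code: the thresholds, field names and telemetry records are constructed assumptions, and the real product’s criteria are not public on this page.

```python
from dataclasses import dataclass

# Three outcomes for a file before any signature scan is run.
SKIP = "skip-scan"   # known good: widely installed, mature, no bad reports
BLOCK = "block"      # high confidence bad: blocked on reputation alone
SCAN = "scan"        # unknown: fall back to the signature scanner

# Assumed thresholds (constructed for this example, not real product values).
PREVALENCE_GOOD = 1_000_000  # installed on this many machines -> likely benign
MIN_AGE_DAYS = 30            # around long enough that misbehaviour would surface
MIN_BAD_REPORTS = 5          # ignore one-off mistaken reports
BAD_RATIO = 0.05             # share of installs confirmed malicious -> block


@dataclass(frozen=True)
class FileTelemetry:
    sha256: str         # identifies the file across the customer base
    prevalence: int     # customer machines that reported having this file
    age_days: int       # days since the file was first seen anywhere
    bad_reports: int    # machines where the file was confirmed malicious


def reputation_decision(t: FileTelemetry) -> str:
    """Classify a file from community telemetry alone.

    Malware is rare and young by design, so rarity is never evidence of
    goodness; only high prevalence, age and a clean record earn a skipped scan.
    """
    bad_ratio = t.bad_reports / max(t.prevalence, 1)  # guard against zero installs
    if t.bad_reports >= MIN_BAD_REPORTS and bad_ratio >= BAD_RATIO:
        return BLOCK
    if t.prevalence >= PREVALENCE_GOOD and t.age_days >= MIN_AGE_DAYS and t.bad_reports == 0:
        return SKIP
    return SCAN


def plan_scan(files: list[FileTelemetry]) -> dict[str, list[str]]:
    """Group files by decision; only the SCAN bucket reaches the slow scanner."""
    plan: dict[str, list[str]] = {SKIP: [], BLOCK: [], SCAN: []}
    for t in files:
        plan[reputation_decision(t)].append(t.sha256)
    return plan


# Constructed telemetry; the hash strings are placeholders, not real files.
SAMPLE = [
    FileTelemetry("placeholder-hash-editor", prevalence=12_000_000, age_days=900, bad_reports=0),
    FileTelemetry("placeholder-hash-fake-av", prevalence=8_000, age_days=3, bad_reports=1_200),
    FileTelemetry("placeholder-hash-new-game", prevalence=40, age_days=1, bad_reports=0),
    FileTelemetry("placeholder-hash-disputed", prevalence=50, age_days=10, bad_reports=2),
]
```

Running `plan_scan(SAMPLE)` puts the widely installed editor in the skip bucket, the fake antivirus in the block bucket, and leaves the two rare, young files for the signature scanner.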

This reputation scoring feature will be included in Symantec’s Norton consumer security software to be launched later this year and will be added to its business products after that, he added.