Kaspersky: Trying to keep one step ahead of the Internet's bad guys

At the Kaspersky Virus Analyst Summit in San Francisco, security experts talk about the lengths that Internet bad guys go to to keep their businesses humming.
Written by Sam Diaz

There's plenty to be scared of in the dark alleys of the Internet. After all, that's where the Internet's bad guys are doing anything and everything - from posing as legitimate businesses to sifting through social networking data - to make a quick and easy buck.

Kaspersky, maker of Internet protection software, is trying to stay ahead of the game with its products but says that to truly fight off malware and other bad forces on the Internet, it also needs to educate.

In a sense, that's what the company is trying to do with its Virus Analyst Summits, panel discussions being held in San Francisco and New York this week to discuss the forces at work in the Internet's underground.

In some cases, the methods being used by the bad guys aren't new, but they have grown more sophisticated. Scareware, for example, has grown from the days of a colorful pop-up ad that warns an unsuspecting user that a virus may have infiltrated a computer. The idea there, of course, is that the user will be scared that the computer has become infected and will click on the ads or links to purchase some bogus protection.

Sure, the folks posing as a legitimate computer protection software company could just grab a user's credit card and go on a shopping spree. But instead, they're trying to get customers to renew that bogus sense of protection every three months or so. To do so, they go to great lengths - from a live chat support system to a 24/7 call center - to look like a legitimate company.

On the other side of the spectrum are the identity thieves and hackers who target specific people or groups of people to gain access to computer systems or the information on them. It used to be that hackers going after a particular target would have to study that target, sifting through the Internet to learn the person's or group's behavioral habits. Today, they don't have far to go. The bad guy only needs to scour the Internet for social networking data coming out of sites like Facebook.

On Facebook, of course, we share things such as our locations, our places of employment, our travel plans, our kids' names, our birthdays, our political leanings and so on. We might as well post our PIN numbers and passwords on the Internet for everyone to see.

And for those who are looking to spread malware, the methods are tailored for today's common activities. Those who embed viruses, worms or trojans into a PDF, for example, can spread the link to that corrupted file - maybe used to release botnets, spread spam and launch a denial of service attack - through Twitter.

Twitter and Google both showcase trends on Internet searches throughout the day. Knowing what the hot topics are, bad guys can blast out tweets using the popular keywords of the day, along with a dirty link. Likewise, if the bad guys are targeting a particular industry, they can employ the use of hashtags to sneak into the Twitter noise under the radar and offer up some links that some in the pack just might click on.

For the most part, the company is still focusing its efforts on what's happening on Windows PCs - the much bigger net in an ocean of fish. Mobile, as well as tablet computing platforms like the iPad, are really just in their infancy, the analysts said, and aren't yet a haven for bad guys - especially in the U.S.

That's not to say it can't be done. The company is well aware of what's happening with the use of SMS links and so on to infiltrate the mobile space in other countries. But for now, it's not much of a problem in the U.S.

When it comes to fighting off the Internet's bad guys, there is no end to the war. The bad guys can stay under the radar, change their names and, of course, operate in countries where authorities tend to turn a blind eye when it comes to these sorts of underground activities.

But they'll never go away completely, which is why companies like Kaspersky are trying to think ahead, trying to outwit and outguess or just generally stay one step ahead of the bad guys.
