Anti-virus vendors worry about the pace of malware production

Kaspersky Lab's Eugene Kaspersky and F-Secure's Mikko Hypponen spoke out about the growing difficulties in keeping up with cyber criminals. In a speech at CeBit in Hanover, Germany, Kaspersky stated flatly that, "If the growth in malware continues at the current pace, makers of anti-virus software may not be able to withstand the onslaught" (Andrej Sokolow, "Experts warn war against computer viruses could be lost as onslaught spreads", Gulf Times, 18 Mar 2007). Hypponen seconded Kaspersky's concerns, stating that it's getting very difficult to deal with the 40,000 suspected files received from customers each day.

According to Sokolow's article, cyber-criminals have advantages that they exploit with ever-increasing frequency, including:

  • The sheer volume of malware and the fact that criminal activity on the Internet knows no national borders make it almost impossible to deal effectively with malware threats. Kaspersky recommends creating an international police agency, similar to Interpol, to aid in intelligence gathering and cross-border sharing of information.
  • The innocence of humans [gullibility?] that allows criminals to trick them into installing malware on their machines, responding to phishing attacks, etc.
  • Malware production is turning into a worldwide industry.  "[Criminal organizations] are paying programmers the kind of salary that I could never afford," said Natalya Kaspersky, co-founder of Kaspersky Lab.
  • The cost of services delivered is low for malware-producing companies. The systems, and the resources required to operate them, are provided by the infected home or business owner.



Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...


Congress should enact a cogent body of laws to protect the Internet. Protocols should be rewritten to prevent spoofing. Finally, bounty hunters should be able to claim rewards to help clean up I'net crime. These similar steps were what was required to clean up the old West. It is time to clean out those varmints.


Unfortunately, this is all too true! Cybercriminals are killing the whole email system, which is near full collapse, due to its ever-growing cost. So, it will be time to kill completely unauthenticated SMTP, and create networks based on trust relationships. The only alternative to that will be to make emails delivered only to those that pay some money for the delivery, i.e. making it a normal postal service. Maybe the future is not in the push technologies, but in pull technologies like RSS readers, that would replace all mailing lists with much lower costs, even for the current legitimate mailing list managers (that won't support the transition to a paying postal service, with required "eStamps" or required certificates issued and checked by PKI infrastructures). Really, we need for the long term a new way to exchange and manage authorizations between senders and recipients. The authorization exchange should not allow sending any readable message along with the authorization requests and reply (this will make the system unusable for sending any form of advertising, or captcha images and tracking cookies), and authorizations should be cancelable at any time by both parties, and non-transferable (both parties must be securely identifiable using a tracking authorization id to identify each link). Emails are so intrusive and dangerous that many people now refuse to use their mailbox; that's why they use chat (but unfortunately, this requires being online, and this is also intrusive for our private life, so this is not a general solution). There should also exist, in the future protocol, the possibility to create a sender-recipient link that explicitly allows only plain-text messages (so no support for attachments, no MIME encapsulation, no HTML, just the possibility to specify the encoding, or just the support for UTF-8). Let's come back to the origin of email, where messages needed to be short, but add a better authentication system to keep our privacy.
For more advanced emails (MMS...), the conditions must become draconian, or the emails can reference a content ID located only on known source servers; the email agent will pull the content on user request; the system will not tolerate pushing content directly to recipients. So it's high time to publish a new RFC for email services, and to define a deadline for the SMTP system. And why do recipients have to support the cost of email storage and retrieval? Why shouldn't emails be stored directly at the sender's site?
