Interesting news on Trojan SMS Blockers (Winlock etc). These programs block Windows and demand a ransom in the form of a text message which is sent to short number for a fee. It's a very popular type of racket at the moment, both in Russia and a few other countries.

The whole affair has now reached the General Prosecutor’s office of Russia – the criminals have been identified and detained (or so it seems) and will be prosecuted in Moscow soon.

Altogether the criminals have earned an estimated 790,000 roubles, or $25K. Moreover, they have caused other damages by blocking or crashing a yet to be determined number of personal and company PCs. Very often people have needed to re-install the OS and all software and then restore data from backups - even after paying the ransom.

But I wanted to focus on the outcome – or the possible outcome of this incident, not on the investigation, arrests and so forth.

There seems to be quite a loud response to what I thought was a rather simple idea. In this post, I am going to go over the main points – somewhere when I have more time I’ll share my ideas in detail so people could see exactly what I am proposing.

1. Common users are NOT anonymous for police and governments. Today the authorities can find any person they are after easily. There is a wrong perception about Internet-anonymity – very few people realize that it does not exist for ordinary users. But the worst part of the story is that the ones who are truly anonymous are professional cyber criminals, because they know what to do to hide their real identities in the Internet. That is why we have millions of malicious programs and successful network attacks every years, and we don’t know who’s behind of them.
2. When I say "no anonymity" I mean only "no anonymity for security control". I don't care about the way people behave on blogs, forums, social networks and pirate torrent portals. You may use nicks or real names as you want (as we do today). The only "no more anonymity" improvement - you MUST present your ID to your Internet provider when you are connecting online. It is only the provider who needs to know your real identity.
3. Another way to go is dedicated anonymous networks and dedicated business/gov networks - why not? But all LEGAL businesses/services will want to use secure networks, and unsecure networks will be probably limited to casual communication.
4. When is it going to happen? Never… or in one-two generations. After some really serious IT- incidents, which will have a serious impact on national and\or global economies. I am now talking not only about cybercrime, but also about cyberterrorist attacks. We already see the first signs of emerging cyberterrorism – and global anonymity is a really favorable factor for these people.

   Imagine that everyone flying in your plane is anonymous, so you don’t know who they are and what they’re up to – are you really going to approve of this? And Internet is as critical and as vulnerable as the air transportation network. So why do we have different security standards for these two global networks?

5. But we are already on the way – some European countries have introduced digital IDs, which they use for secure online banking and in some cases for online voting. National and municipal elections via the Internet are not a matter of science fiction – they are already here, and ID authentication is a vital part of such election systems.

   Another prototype of e-passports is the two-factor authentication we now use to access corporate networks. The only thing that is missing today is a common standard.

Anyway, I am happy to see that my ideas have raised so much discussion; I think that open public discourse and idea-sharing is the only way to make Internet a safer and a better place.

The so-called 'malware obfuscation contest' proposed by the folks at Race to Zero is already generating contradictory discussions.

IMHO - either something is ethical or not...and I firmly hold that creating new malware to bypass security products 'for fun' is not!

We anti-virus researchers have always opposed the creation of new malware under any circumstances. The only excuse for creating malware in test environments that ever sounded vaguely reasonable was the old "we need to create new samples in order to study attack methods in detail".

Let's get real folks - we are seeing new samples by the thousands today - we have more than enough 'live' malware to study in order to improve our technologies. So even if this excuse was "sort-of-maybe one-time-only almost-acceptable" once upon a time, it is NOT acceptable in 2008.

Ah, numbers: there are simple numbers, magic numbers, lucky numbers and unlucky numbers. There are people who are scared of numbers, people who don't understand numbers, people who love numbers, and people who ignore numbers. Me...I love numbers and always pay attention to how they sound and taste.

Yesterday some of us got on a flight to Boston from NYC. As the computer produced my boarding pass, I watched the numbers unfold and saw that this was a special day: number 13 was the name of the game.

13 - the date
13 - the flight number - with the 2 and 0 voided by the 20 in the gate number
13 - the boarding time

AND

3 + A in hexadecimal is 3 + 10 =13

Four 13s on one boarding pass!! Wow - I'm amazed I survived! How did I do it, you might ask if you happen to believe in the bad luck 13 brings?

I don't know: maybe it was because the flight departed at 200P or APR 2008 =14 if you add the digits in that line. And finally, it was my 14th flight of the year, not the 13th.

So, I survived and I'm completing this US tour with a day in Boston. Flight number 15 of the year will be tomorrow and I'll be looking at new numbers.

We're going to be at InfoSecurity Belgium in Brussels over the next two days.
I'm here with our team - we've got advice on how to stop cybercriminals and malware in their tracks.

Joining us will be Jean-Marie Pfaff, named by Pele as one of the world's greatest living footballers, who will share top tips and tricks on how to stop the opposite side from scoring too many goals.

Come by and see us at booth B067 to discuss football and malware - the new approach to risk management.

Developing a global presence - that's far from an easy job. Traveling to different time zones, hopping from city to city, from hotel to hotel - although this might sound fund, it's not relaxing. But from another point of view, it's what has to be done to develop the company: listen to other's points of view, present our position, educate users and develop markets. And on a personal note, it is interesting to have the opportunity to visit so many new places, meet so many new people and hear so many new accents.

Last week we started our trip over the East Cost with four presentations in Boston, and more than 150 people from the local IT industry attending. Right now I'm in the plane with others - Steve, Randy, Chris, John, Jennifer, Shannon and Darcie, enjoying the life 32000 feet above the ground. And with several cities behind us there are also several ahead of us.

If any of you want to drop in - we'll be in Mexico soon!

ComputerWeekly.com provided us here at KL with a giggle today.

Boy, are we glad that it wasn't one of us :-))).

Do you think that installing Linux on an iPod is a waste of time? If you work in an anti-virus company it's not – you’re preparing the device to play with the first known virus for iPod.

It’s a typical proof of concept sample, showing that here’s another device that can be infected. It took us time to run the sample because the virus has bugs and sometimes crashes the system with Linux debug messages.

Overall, I don't think iViruses will cause serious problems in the future. The iPod world is very different from the PC and smartphone world. Users aren’t constantly installing new software and downloading a wide range of files, so that cuts down on the possible infection vectors. And what’s there to steal from an iPod? Multimedia files, and that's about all.

So – it was an interesting little puzzle, this proof of concept, but nothing more.

We just got contacted by a Russian user whose machine picked up Junkie, an old multipartite threat that infects COM files and the hard disk MBR

We haven't seen anything like this for a while. With all the changes in technology, I wonder how much longer Junkie and its like will manage to survive.

Google Translate seems to think so! And it works in both directions...

Update 12.12.06: Google Translate has now fixed this issue.