The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

In the beginning there were only malware and machines to be infected, with no money in the middle - only a will to get “fame” by coding. A few years ago this situation changed drastically and today the cybercrime ecosystem is much more complicated, including as much as 7 key elements. This starts with the coders, who only develop the malware, then sell it to other criminals while offering service support. The criminals who buy it distribute it among other cybercriminals and money mules.

What’s the problem here? In general the AV industry still fights the same way as 15 or more years ago. We detect more amounts of advanced malware yet more appears every day. It’s like cutting a weed but leaving the root - it just grows up again and again...


In this webcast, Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, shares his extensive knowledge of the driving forces that power the modern cyber-criminal ecosystem and discuss the way that cybercrime operates. He covers the latest developments in the security technologies and describes how he sees the security industry developing in the nearest future. Additionally, Eugene pays particular attention to showing how modern cloud security solutions not only protect users and businesses, but can seriously impede the cyber-criminals' black economy, thereby significantly reducing cyber-crime.

Comment      Link

    Last week I participated in a student workshop at the “Pontífica Universidad Católica del Ecuador” – PUCE http://www.puce.edu.ec/ . The workshop wasn’t geared only for technical students but was also aimed at students studying law and jurisprudence. During the sessions, we discussed ways to obtain and to join electronic evidence related to malware attacks, how to interpret them and to present to law enforcement for prosecution of cyber criminals.

We also analyzed the ongoing merging of classic (traditional) crime to cybercrime in terms of document-cloning, grooming and other crimes.

I believe these initiatives are very important for current students and future law professionals to get a clear understanding of the modern attacks, the legal limitation the reform that is needed to improve the battle against cyber crime.

Comment      Link

Last week I attended one of the most important IT security conferences in Latin America – B:Secure. Five different AV vendors participated in it.

The event took place in Mexico and Kaspersky Lab provided information about the current underground business model and why the cybercriminals are so keen to find new victims.

We also participated in a panel discussion with some of the region’s most noted experts, where we discussed cloud computing, mobile attacks and other conventional security issues.

On this occasion, representatives from the cybercrime units of various law enforcement agencies were on hand to join in the discussion. I strongly believe that only through the joint efforts of customers, governments and IT security vendors can we reduce the number of successful cyber-attacks against citizens worldwide.

The complete agenda in Spanish can be found here: www.bsecureconference.com.mx

Comment      Link

While Eugene’s busy taking bets (wonder how much he’s going to make?), I’ve been having a think about the Winlock case.

Russian law enforcement is estimating that the bad guys could have raked in as much as $1 billion. While it’s difficult to be certain about the exact amounts involved (obviously they spread their money across a lot of different accounts to avoid attracting attention), a little bit of simple math makes me think this figure isn’t as crazy as it might sound.

Our statistical analysis tells us there could be around a million people who’ve been infected. 10 cybercriminals, each getting a cut of a ransom between $10 and $30 - even though they were paying out $3 per infection to the people willing to spread this malware, the numbers add up pretty quickly.

Opinions|The Winlock case - I'm taking bets!

Kaspersky Lab Expert
Posted September 01, 02:25  GMT
Tags: Ransomware, Cybercrime Legislation, Malware Creators

Interesting news on Trojan SMS Blockers (Winlock etc). These programs block Windows and demand a ransom in the form of a text message which is sent to short number for a fee. It's a very popular type of racket at the moment, both in Russia and a few other countries.

The whole affair has now reached the General Prosecutor’s office of Russia – the criminals have been identified and detained (or so it seems) and will be prosecuted in Moscow soon.

Altogether the criminals have earned an estimated 790,000 roubles, or $25K. Moreover, they have caused other damages by blocking or crashing a yet to be determined number of personal and company PCs. Very often people have needed to re-install the OS and all software and then restore data from backups - even after paying the ransom.

But I wanted to focus on the outcome – or the possible outcome of this incident, not on the investigation, arrests and so forth.

Incidents|A black hat loses control

Kaspersky Lab Expert
Posted October 22, 09:06  GMT
Tags: Cybercrime Legislation, Malware Creators

Malware writers today always try to conceal their identities, right? Wrong – even some of today’s profit driven cyber criminals reveal their identities. We are a bit surprised, but here is the story of how a blackhat has revealed his identity and is trying to ‘get compensation’ from Kaspersky for conducting research.

Recently we have been looking into a new service for malware writers: [avtracker dot info]. This is an online service designed to track AV vendors. The home page of [avtracker dot info] describes the service which includes protection for malicious programs against analysis by malware researchers and also calls for a DDoS attacks against security companies:

Moreover, some of our fellow researchers shared a network request with us that was used to report back to [avtracker dot info]. This request was used in a special spy program which was distributed to various antivirus labs by the owner of [avtracker dot info]. If executed, this spyware would contact the owner and describe the environment of the infected machine. We played around with this request, and substituted various random strings instead of the user name and system parameters.

The WHOIS listing was of no use – [avtracker dot info] was registered anonymously. This was no surprise – cyber criminals usually do register domains anonymously to hinder identification.

So far, nothing out of the ordinary – a normal day in the life of an antivirus company. And then…surprise – the owner of the malware writers’ service contacted us and revealed his identity. Moreover, he even demanded a ransom of 2000 euro to compensate his purported losses when we attempt to ‘break’ his new toy.

At the time of writing, we have received the spy program, which had the following message in its code pointing to the same person who contacted us:

Naturally, we have gathered all relevant data and forwarded it to our lawyer who will now take the next steps. If all cyber criminals were as cooperative as this one, life would be much easier for AV companies.

Comment      Link

Opinions|Epassports and anonymity - what I think

Kaspersky Lab Expert
Posted October 20, 16:14  GMT
Tags: Cybercrime Legislation

There seems to be quite a loud response to what I thought was a rather simple idea. In this post, I am going to go over the main points – somewhere when I have more time I’ll share my ideas in detail so people could see exactly what I am proposing.

  1. Common users are NOT anonymous for police and governments. Today the authorities can find any person they are after easily. There is a wrong perception about Internet-anonymity – very few people realize that it does not exist for ordinary users. But the worst part of the story is that the ones who are truly anonymous are professional cyber criminals, because they know what to do to hide their real identities in the Internet. That is why we have millions of malicious programs and successful network attacks every years, and we don’t know who’s behind of them.
  2. When I say "no anonymity" I mean only "no anonymity for security control". I don't care about the way people behave on blogs, forums, social networks and pirate torrent portals. You may use nicks or real names as you want (as we do today). The only "no more anonymity" improvement - you MUST present your ID to your Internet provider when you are connecting online. It is only the provider who needs to know your real identity.
  3. Another way to go is dedicated anonymous networks and dedicated business/gov networks - why not? But all LEGAL businesses/services will want to use secure networks, and unsecure networks will be probably limited to casual communication.
  4. When is it going to happen? Never… or in one-two generations. After some really serious IT- incidents, which will have a serious impact on national and\or global economies. I am now talking not only about cybercrime, but also about cyberterrorist attacks. We already see the first signs of emerging cyberterrorism – and global anonymity is a really favorable factor for these people.

    Imagine that everyone flying in your plane is anonymous, so you don’t know who they are and what they’re up to – are you really going to approve of this? And Internet is as critical and as vulnerable as the air transportation network. So why do we have different security standards for these two global networks?

  5. But we are already on the way – some European countries have introduced digital IDs, which they use for secure online banking and in some cases for online voting. National and municipal elections via the Internet are not a matter of science fiction – they are already here, and ID authentication is a vital part of such election systems.

    Another prototype of e-passports is the two-factor authentication we now use to access corporate networks. The only thing that is missing today is a common standard.

Anyway, I am happy to see that my ideas have raised so much discussion; I think that open public discourse and idea-sharing is the only way to make Internet a safer and a better place.

Comment      Link

Incidents|BBC crosses the line again

Kaspersky Lab Expert
Posted March 19, 22:06  GMT
Tags: Cybercrime Legislation

BBC reporters, posing as fraudsters, have bought UK names, addresses and credit card details from a 'broker' of stolen data in Delhi, India. It seems that one in seven of the cards they bought were valid. The BBC has notified the owners of the stolen details.

The BBC ran the story on this evening's News at Ten TV programme and has posted details on its web site.

This is the second time this week that the BBC has dealt with those on the wrong side of the law. Although this case differs from the previous one, we still firmly believe it's the wrong way to highlight the dangers of cybercrime.

Comment      Link

Incidents|Smack on the bot for the Beeb

Kaspersky Lab Expert
Posted March 12, 17:03  GMT
Tags: Botnets, Cybercrime Legislation

The BBC’s Click program has been getting quite a bit of publicity after it “acquired” a botnet. It used the botnet to send spam (to specially created addresses) and bring down a website (with the consent of the site’s owners). This was all done in the name of consumer education.

Normally, the BBC does a great job telling people about the potential dangers of computing. But this time they’ve gone about it the wrong way. The Computer Misuse Act clearly states that a person is guilty of an offence if “he causes a computer to perform any function with intent to secure access to any program or data held in any computer”.

I’m not a lawyer, and smart lawyers often manage to find loopholes in the law. But I do work for a security company, and it’s my view that the Click guys certainly broke the spirit, if not the letter, of the law.

Accessing other people’s computers is wrong. Accessing other people’s computers to create TV content, even with the best of intentions, is very wrong indeed.

Comment      Link