Expert: Digital underground is always a step ahead of defense experts


For the foreseeable future, there is no absolute protection for computers and smartphones against attacks by digital activists, criminals or spies. "We do not win the fight like that," said Toralv Dirro, security expert at the software company McAfee, in a conversation with the news agency dpa. "Much more needs to happen, especially in the direction of effective international cooperation between investigative authorities."

In the digital underground there is a rich supply of software for botnets and tools for building malicious software on offer, explains Dirro. "This allows you to reconnect your Trojans daily." Trojans are malicious programs that pretend to be useful to the victim and do their treacherous work after installation, such as putting the computer under the control of an attacker. A botnet is a network of computers that are remotely controlled without the knowledge of their users.

Traditional antivirus software cannot keep up with the constant malware modifications. "The attackers test their Trojans until they are no longer recognized by locally installed security programs," explains Dirro. "Then the attacker can start sending this Trojan to a few hundred thousand or millions of addressees, often as a file attachment." Usually the attacker finds someone who falls into the trap and, contrary to all urgent recommendations, clicks on an attachment without knowing the sender.

Protection from the cloud, i.e. from distributed data centers on the Internet, is more effective because it is more up to date. "These cloud-based methods also detect files whose signatures are not stored but which are suspicious," explains Dirro. So-called "spam traps" specifically collect the mails carrying the malware. If the malware is detected early, users of the cloud service can be warned in good time.

"Another way is the combination of software and hardware." McAfee, which has belonged to the chip manufacturer Intel since 2010, uses a technology in certain processors that is intended to partition off virtual machines. "This allows us to monitor file accesses over the operating system and block suspicious changes," explains Dirro. The corresponding Deep Defender product was launched earlier this year and is currently being tested by enterprise customers.

Mobile devices are increasingly the target of attacks. "Over the last three quarters, we've seen a massive surge in Trojans on smartphones," says the McAfee expert. "It starts with simple stories, such as texting SMS to premium services, other Trojans turning bot cell phones into botnet clients, and individual programs giving attackers complete control of the device, recording phone calls and uploading them to a server."

To detect new developments in the underground scene, criminal investigators and security experts alike spend time in its discussion forums, as far as they can get in, and in its chat channels. "In the IRC chats we have bots for logging in," explains Dirro. These are software robots that record communication in chat rooms using the technique known as "Internet Relay Chat" (IRC). IRC chats are public and are often used by politically motivated hackers, so-called hacktivists. "To avoid being kicked out of a chat room, you have several bots running," explains Dirro. "They also talk to each other from time to time, so they do not attract attention." (dpa/tc)