Skip to content

You can’t go wrong with Hong Kong.

It had been what seems like eons since I’d checked into a hotel which I simply had to tell you about separately due to its specialness. I get to stay in some real nice hotels on my travels, it has to be said, but only once a blue moon do I come across one that’s just… exceptionally and extraordinarily exquisite :).

So I must show you a few pics of where we were last week. We were in Hong Kong, having our APAC Partner Conference – in the HK InterContinental on the shore of Kowloon. And, oh, by the hammer of Thor, what views it offered of the skyscrapers across the bay. I won’t come up with OTT adjectives, I’ll just let you have a look for yourselves…

One thing I will say is that these views never fail to impress no matter if it’s day or night, or clear and sunny, or during a typhoon! It’ll be here we’re staying at next time, that’s for sure…

DSC01833

Hong Kong by night

Read on: More skyscrapers, close shot…

We’re 17!

We have a tradition at KL where mid-July each year we throw a company birthday bash. Last Friday it was our 17th, leaving us just one more year before we become fully adult! So a youthful theme was what we were after this year – our final year of innocent adolescence…

…The organization of this year’s festivities however were truly adult in nature. Everything went smoothly and to plan. In fact every year these summer blowouts just get better and better. But I for the life of me can’t imagine how this year’s is going to be improved on. But I say that on every birthday. True to tradition once again the organizers went one better :).

Kaspersky Lab Birthday Party

Kaspersky Lab Birthday Party

I guess a sweater, jumper or sweatshirt on the singer just wouldn’t have been right :)

Kaspersky Lab Birthday Party

Read on: So what stuck in my mind most of all?…

Our antivirus formula.

Every system is based on a unique algorithm; without the algorithm there’s no system. It doesn’t really matter what kind of algorithm the system follows – linear, hierarchical, determined, stochastic or whatever. What’s important is that to reach the best result the system needs to follow certain rules.

We’re often asked about our products’ algorithms – especially how they help us detect future threats better than the competition.

Well, for obvious reasons I can’t divulge the details of our magic formulae; however, what I will be doing in this tech-post (perhaps the techiest post on this blog ever) is open ajar the door to our technological kitchen – to give you a glimpse of what goes on inside. And if you still want more info, please fire away with your questions in the comments, below.

Read on: A very brief look at our Coca-Cola-like ‘secret’ magical formula in a little over 2000 words…

Isn’t it good, Norwegian fjords.

I’ve made up a list of what I feel are the Top-100 Must-See Places in the World. Number 45 in that list is ‘Norwegian fjords’ – and the entry under it says ‘Haven’t been’. But that was before last weekend. Now it needs amending to ‘Been there, done the akvavit’.

Norwegian Fjords

Read on: Turquoise water running down the cliffs…

Beyond good and evil?

A few days ago Microsoft announced a large scale raid on the dynamic DNS service No-IP, as a result of which 22 of its domains were seized. The guys in Redmond said there were very good reasons for this: No-IP hosts all kinds of unpleasant malware; No-IP is a breeding ground of cybercriminals; No-IP is an epicenter for targeted attacks; and No-IP never agrees to working with anyone else on trying to root out all the badness.

Like in most conflicts, the sides have exchanged the contradictory volleys of announcements in the eternal tradition of ‘it’s his fault – no she started it’.

In particular, No-IP has said it’s a real goody-two-shoes and always willing to cooperate in eliminating sources of cyberattacks, while its clients are most displeased with the raid and consider it an illegal attack on legal business – since it’s possible to find malware practically anywhere, so interrupting services through a court is simply not on.

In the meantime, the result of the raid has been rather far-reaching: more than four million sites were pulled, including both malicious and harmless ones – affecting 1.8 million users. Microsoft is trying to sieve the wheat from the chaff and get the clean sites back up and running; however, many users are still complaining about ongoing disruption.

To work out who’s to blame is a thankless and probably hopeless task. I’ll leave the journalistic investigations to… the journalists. Instead, here let me give you some food for thought: dry, raw facts and figures – so maybe/hopefully you’ll be able to come to your own conclusions about the legality and ethicality of MS’s actions, based on those facts and figures…

1)      Shutting down 22 No-IP domains affected the operations of around 25% of the targeted attacks that we keep track of here at KL. That’s thousands of spy and cybercriminal operations ongoing for the last three years. Approximately a quarter of those have at least one command and control center (C&C) with this host. For example, hacker groups like the Syrian Electronic Army and Gaza Team use only No-IP, while Turla uses it for 90% of its hosts.

2)      We can confirm that out of all large providers the No-IP dynamic DNS was the most unwilling to cooperate. For example, they ignored all our emails about a botnet sinkhole.

3)      Our analysis of current malware shows that No-IP is often used by the cyberswine for botnet control centers. A simple search via the Virustotal scanning engine confirms this fact with a cold hard figure: a total of 4.5 million unique malware samples sprout from No-IP.

4)      However, the latest numbers from our security cloud (KSN) show something not quite so cut and dry. Here’s a table showing detections of cyberattacks from dozens of the largest dynamic DNS services:

Service % of malicious hosts Number of detections (in a week)
000webhost.com 89.47% 18,163
changeip.com 39.47% 89,742
dnsdynamic.org 37.04% 756
sitelutions.com 36.84% 199
no-ip.com 27.50% 29,382
dtdns.com 17.65% 14
dyn.com 11.51% 2321
smartdots.com 0.00% 0
oray.com 0.00% 0
dnserver.com 0.00% 0

So – No-IP isn’t leading in the number of detections, even though they’re still really high compared to most.

Here’s some more info for comparison: the % of malware hosts in the .com zone makes up 0.03% of the total; in the .ru zone – 0.39%; but in No-IP the figure’s 27.5%!

And now for other figures that add a bit of a different perspective: in one week, malware domains on No-IP generated around 30,000 detections, while in the same week on one of the most malicious domains in the .com zone, the figure was 429,000 – almost 14 times higher. Also: the tenth most infected domain in the .ru zone generated 146,000 detections – that is, about the same as the first ten providers of dynamic DNS mentioned above put together!

To summarize…

On the one hand, blocking popular services that are used by thousands – if not millions – of typical users: it ain’t right. On the other hand, closing spawning grounds for malware is right – and noble.

But then mathematics takes on the role of devil’s advocate, and proves:

Quantitatively, closing all the domains of No-IP is no more effective in combatting the distribution of malware than closing one single top malware domain in one of the popular zones, i.e., .com, .net, or even .ru. Simpler put, even if you were to shut down all providers of dynamic DNS – the Internet still wouldn’t become ‘cleaner’ enough to notice the difference.

So there you have it – ambiguity with a big A. 

It leaves anyone in their right and honest-with-themselves mind to admit things are far from black and white here, and as regards the right and wrong, or good and bad, or Nietzsche’s thing – who can tell?

Still, another thought comes to mind at some point while reflecting on all this…

It’s further evidence that as soon as the quantity of piracy or degree of criminality gets above a certain threshold, the ‘powers that be’ get involved all of a sudden and start closing services, ignoring any notions of Internet freedom or freedom to do business. It’s just the way things are, a rule of life of human society: If it stinks, sooner or later it’ll get cleaned up.

The list of blocked services is already rather long: Napster, KaZaA, eMule, Pirate Bay and so on. Now No-IP’s been added to the list.

Who’s next?

// Bitcoin? It’s already begun.

 

The rainiest city in Europe. Allegedly.

According to various sites on the Internet, Bergen is the wettest, rainiest city of the European continent. Don’t believe a word of it! Me and some pals were in the city just recently and in all the three days there not a single drop of rain fell on any of us. In its absence was a preponderance of sun – so much so that our cheeks became redder than the king prawns on offer in the Bergen fish market (see pic further below).

And probably up to 200 kilometers away there was nothing but clear sunny skies too, save for a few fluffy clouds. Only on the horizon did there sometimes appear something reminiscent of light rain. The locals were also fairly amazed too – they’ve never known such rain-free summery days here ever!

Bergen, Norway

Read on: fish appetizer, fish main dish and a desert …

Cybernews from the dark side: June 30, 2014

Stock market hacks for microsecond delays.

Cyber-swindling gets everywhere. Even the stock market. First, a bit of history…

The profession of stockbroker was once not only respected and honorable, but also extremely tough. Dealers in stocks and shares once toiled away on the packed floors of stock exchanges and worked silly hours a week, stressed to the limit by relentless high pressure decisions all day (and night). They bought and sold securities, stocks, bonds, derivatives, or whatever they’re called, always needing to do so at just the right moment while riding the waves of exchange rates and prices, all the while edging nearer and nearer to serious heart conditions or some other burn-out caused illness. Other times they simply jumped out of windows to bring a swift end to it all. In short – hardly the world’s best job.

Anyway, all that was long ago. All that hard manual labor has been replaced by automation. Now thinking hard, stressing and sweating aren’t needed: a large proportion of the work today is carried out by robots – special programs that automatically determine the very best moments to buy or sell. In other words, the profession of stockbroker has in large part been boiled down to the training of bots. And to these bots reaction times – to the microsecond – are vital to take advantage of this or that market swing. So speed literally depends on the quality of an Internet connection to the electronic stock exchange. That is, the nearer a robot is physically located to the exchange, the higher its chances of being the first with a bid. And vice versa – robots on the periphery will always be outsiders, just as will those not using the very latest progressive algorithms.

These critical reaction times were recently tampered with by unknown cyber-assailants. A hedge fund’s system was infected with malware to delay trading ability by a few hundred microseconds – which can – and probably did – make all the difference between clinching deals and losing them.

bae-600x255

Read on: Your password for a Twix?…

Wowed by cloud.

Privyet everyone!

There are fascinating, beautiful sights to behold in the furthest corners of the globe, quite a few of which I tend to mention on this here blog from time to time. But sometimes spellbinding beauty can be found right on your doorstep…

Just the other day for example, towards evening the most amazing assortment of clouds appeared over the reservoir next to our Moscow HQ office. First there were pure white fluffy clouds basking in the bright sun, and then a thick thatch of dark and angry low cloud came along as if pushing the fluffy cumulus out of the way. Alas, by the time I’d fetched my camera most of the particularly unusual dark cloud had passed, but I did still manage to snap some of the proceedings…

Little Fluffy Clouds

Read on: Little Fluffy Clouds…

Cybernews from the dark side – June 24, 2014

Patent trolls – continued.

Here, alas, passions are still running high, with the occasional fit of… passion. Indeed, the issues related to patent parasites haven’t gone away; it’s just that only the most interesting – ‘loudest’ – cases ever get heard about. But if you dig deeper, you eventually hit upon stuff that is interesting, just not paid attention to. Which is what we did – and found quite a bit on patent trolls worthy of the title of this blogpost. So, he we go…

The irony’s all too much.

For this item I didn’t have to dig all that deep actually – I just checked Ars Technica. There I found some rather familiar glorification of the patent aggregator RPX – made out to be a sweet and innocent protector of orphans, the poor, and princesses (from dragons). I just couldn’t believe what I was reading: “RPX works by selling memberships to companies that feel harangued by patent trolls, including Apple and many other tech companies. RPX basically buys up patents it believes will be used by trolls. By uniting the buying power of many companies, it can get the patents for a bargain price.”  Well, maybe I could believe it… I was just so rattled at being reminded of the hypocrisy.

WHAT? RPX is some kinda anti-troll? And trolls may fly…

We first came across this so-called anti-troll in the year of its creation, and were one of the first to bite it back – successfully.

Read on: a simple arrangement…

Retro MOW for da partnero, aiii.

Now, for any Moscow drivers who were held up one recent sunny afternoon by an army of retro-mobiles slowly edging along Leningradsky Shosse and Prospect – SORRY! It was us, KL, putting on some old-school Ritz for our highly valued partners from all over Western Europe.

Kaspersky Oldtimer Rally in Moscow

The smiles are contagious…

Kaspersky Oldtimer Rally in Moscow

‘State Duma’ [Parliament]

Read on: So what was all this about?…