A Nasty Little Thing Called Spam.

So, what do you think happens 250 billion times a day? Well, OK, it’s a rhetorical question, especially if you paid attention to the title. But every day, in total, 250 billion spam e-mails are sent to inboxes all over the world. It sounds like a lot, but let’s be honest, does that number really shock you?

Next, try to define what you think of as spam. Most people assume it’s about Viagra, Nigerian letters and other pathetic, lame scams which jam up your inbox and slow down your daily business. But here’s the thing: spam is far more than just unsolicited ads. That Viagra offer is just the tip of the iceberg, while spam as a phenomenon is a crucial part of a huge cybercrime ecosystem. And the apparent “innocence” of spam is the illusion that I will be debunking here.

The technical foundations of the cybercrime ecosystem are botnets. These are huge clusters of computers infected with special Trojans (bots) that allow cyber crooks to remotely control these computers without their owners even knowing about it. That’s why experts also call botnets zombie networks – the computers are modified to obey cyber criminals’ commands as if they were zombies. Sometimes botnets can consist of millions of computers. For example, the notorious Kido (Conficker) botnet contained 7 million bots, while TDSS had around 4.5 million bots.

How do they make money from botnets? The economics is quite simple here. Cyber crooks monetize the botnets in several ways including DDoS attacks, advertising services, phishing, data theft, etc. The picture looks something like this:

Spam monetizing through botnet

Read more: So, what is the big deal about spam?

Cyber-Thriller, ver. 2011

Costin Raiu, one of our top generals in the war against malware, recently published an interesting post on the ten most significant events in the security field in 2011. I liked it, and the idea of a top-ten, so much so that I decided to come up with my own. It mostly matches Costin’s report, but it is a slightly different view. It’s not just about the past year – it’s a little broader: tendencies in the security market and about security in general. An “unofficial”, non-hoity-toity view of the important stuff – both what’s with us now, and what will be soon…

And so here’s my top-ten:

1. Hacktivism
2. Militarization of the Internet and Cyber Weapons
3. Social Networks and Politics
4. The Duqu Cyber-Bomb
5. Widely Publicized Hacks and Industrial Espionage
6. Certification Authorities: the Beginning of the End
7. Cybercrime: as Romantic as Sewage
8. Android Malware
9. Mac Malware
10. Intel Taking Over McAfee – Intel-ligent Move or Epic McFail?

Read More: And now in detail…

2011 – Review; 2012 – Forecast.

For quite a while now we’ve had a bit of an annual tradition in the run-up to the New Year festivities – every December we summarize all the security goings-on of the last 12 months, and then prophesy a bit about what’s in store in the coming year. This year we did our roundup and predictions – covering all sorts of, regrettably, frightening stuff – at a press conference in Moscow last Monday. It was a pretty stylish event – with a hospital theme, as you can see from the pic below. But I won’t go over all that again here. Here’s the original text used at the press conference, and here’s a link to the pdf summary.

Kaspersky Lab hospital themed press conference

Here, let me outline the main points in our review/prognosis.

More: Internet access from workplace and Internet passportization …


Call for Action: Internet Should Become a Military-Free Zone.

What is the difference between a nuclear missile and malware?

It’s not a trick question – malware can seize control of a missile, but a missile can’t be used to destroy malware. With the right tools a missile can be diverted by malware, but no amount of firepower can divert rogue software once it is active.

Unlike traditional weaponry, malware can replicate itself ad infinitum. And while a missile can often be controlled in some way, malware tends to attack indiscriminately: nobody knows who it will harm, which corners it will worm its way into. On the inscrutable trajectories of the web, as soon as some black hat launches a malicious program to make some quick cash, anything can happen. It’s impossible to calculate what effect it will have, what might be affected by accident and how it could even boomerang back to harm its creators. People tend to make mistakes in everything they do – and writing code, malicious or otherwise, is no exception. There are numerous examples of this kind of “collateral damage” – read my previous post about the fortunes of the Internet.

At least we are now seeing some joint efforts to combat cybercriminals.

The security industry is tightening the screws on them, and the big boys like Microsoft are getting involved. Various non-commercial and intergovernmental organizations are joining in as well. Governments are beginning to understand that the Internet can be a highway to hell, and are waking up to the need to do something about it. So we are seeing some progress.

However, I’m more concerned about another side of Internet security. The tricks of a cybercriminal will seem trifling compared to a large-scale cyberwar on the web. Yes, you read it correctly – a web cyberwar! This is where things start getting much more complicated and murky.

These are the facts.

More > The military is gradually turning the Internet into one big minefield

It’s the End of the Net as We Know It.

Hi everybody!

Time to tell you about a bunch of really exciting events I’ve been to over the past few weeks. It’s been a fairly crazy mini-tour covering Geneva, Dublin and London non-stop. Two or three days in each city and each time talking to some very interesting people on all sorts of hot topics.

It all started with the United Nations’ International Telecommunication Union (ITU) meetings in Switzerland. The organization is showing great progress towards developing a common approach to fighting cybercrime on an international level. However, I’m afraid I can’t tell you any further details. It was a very hush-hush private meeting behind closed doors where we discussed some issues I can’t share with you at the moment. Nevertheless – stay tuned and soon I’ll be able to uncover some details…

Next up was Dublin and the F.ounders 2011 conference, which we’ve already mentioned here.

Last stop – the London Conference on Cyberspace. This was quite something – in fact, it unexpectedly turned out to be this year’s best event I was involved in!

The conference, organized by the British Foreign Office, took place on November 1-2 in the Borough of Westminster. I would like to thank the British Foreign Secretary and First Secretary of State William Hague for his personal invitation to me to take part in the event. I must say it was a surprise to find myself as the only “boss” from the IT security industry to address the audience. But then on the other hand I think the Foreign Office made the right choice – big-wigs from competitors would only have given the audience the same old BBB (Boring Business Blah blah blah) and spoiled the event!

Eugene Kaspersky at the London Conference on Cyberspace

More > Saving the Internet in London …

Rooting out Rootkits.

As you might guess from the title, today we’ll be talking about rootkits. At heart this is an interesting topic, but often that ‘heart’ is out of sight: in the press rootkits are rarely covered at all, and if they are the articles are filled with nothing but horror stories that have nothing in common with reality. There are of course many technical articles, but these don’t help the wider audience – the general public.

But the problem exists.

The majority of anti-virus software is making great strides towards protection from rootkits. But this isn’t necessarily a good thing, since not all of it does it properly. The ability to fight them depends on, and is indicative of, the technological progressiveness and overall level of anti-malware expertise of the developer. And not all ‘developers’ are technologically progressive – so their so-called anti-rootkit technologies aren’t up to scratch, leaving overall protection against rootkits around the world lower than it could and should be. And let’s not forget that many botnets use rootkit technologies, and the ability to draw out this contagion is the best protection there is from cybercriminals.

So let’s go through all the salient points about rootkits in order.

More > The basics, the threat and the remedy …

Is Microsoft Planning to Take Over the Security Market with Its New Windows 8 Features? – Alexey Polyakov in the Spotlight

Windows 8 is coming! In line with its tendency to introduce high-profile security features in each new version of its operating system, Microsoft is unleashing some pretty interesting new protection technologies with its next OS release. In fact, some of them may dramatically change the cyber threat landscape and bring the security industry a set of very handy tools for protecting users against sophisticated threats like rootkits.

Alexey Polyakov

Today my “in the Spotlight” guest is Alexey Polyakov, the Head of KL’s Global Emergency Response Team, our consulting service that assists enterprises in investigating security incidents, and auditing and improving corporate security policy.

Ever since graduating from Moscow State University with an M.Sc. in Physics, Alexey’s been working in the IT security industry – now for 15 years – with a résumé featuring positions at McAfee, IBM, Symantec and Microsoft.

Prior to joining us at KL Alexey worked as a senior security program manager at Microsoft, where he became the proud founder of the Microsoft Security Response Team and was one of the key members of the company’s security development. He’s authored and co-authored security technologies protected by 12 patents, and one such technology was Secure Boot – perhaps the most ambitious advance in Windows 8 in terms of security.

So, let’s see what our man can tell us about what to expect from Windows 8 from the security standpoint, and how this might change the security market.

Microsoft’s recent ‘Build’ conference made rather a splash in the industry by announcing many useful features in its upcoming Windows 8. While mostly addressing the new user interface, performance issues and multi-platform support, the company also presented a number of security innovations.

What do you think about Microsoft’s products’ security in general?

More > Some nice tools to make cyber criminals’ life harder…

The Man Who Found Stuxnet – Sergey Ulasen in the Spotlight

I’m very excited about today’s guest. Very few industry experts know him by name, even though he’s the guy who first discovered the notorious Stuxnet worm in 2010. His name is Sergey Ulasen.

First, a few background words about Sergey. I’m happy to say that he joined the company in August 2011, immediately starting to contribute to the ever growing expertise of our malware analysis team, which now consists of more than 100 experts around the world. He’s a very professional and high spirited man, possessing the expert knowledge and experience for tackling even the most sophisticated threats.

Sergey graduated in 2006 from the Belorussian State Technical University with a B.Sc. in software development. He began his professional career with local anti-virus vendor VirusBlokAda as a programmer. Later Sergey joined the team that engineered the company’s anti-virus engine, and in 2008 he became the team leader. He was also involved in developing anti-rootkit and system rescue technologies, and helped with solving the most sophisticated malware incidents.

Then he joined KL. Me very happy.

Sergey, let’s go back to the moment when your team first discovered the Stuxnet sample. How did it all come about?

See more > Ten questions casting light on Stuxnet’s discovery …

Number of the Month: 70K per Day.

Anti-malware: it’s a dirty job, but someone’s got to do it. Or at least it used to be… but I’ll get to that later…

For your average Joe it can be hard to understand all the finer details of the work of an anti-malware company. But oh how we want to tell everyone about them! So we’re trying as best we can to translate them all into understandable, non-gobbledygook language – not to mention also in the English language!

One gets a peek at the tip of the malware-fight iceberg from collections of facts and figures that illustrate the basic ins and outs of anti-malware. For example, here are the kinds of infographics we issue on a regular basis:

[Infographics: anti-malware, anti-virus and malware statistics]

[click on the image to see the details]

One of the most frequently asked questions we get is: “How many viruses do you find every day?”

See more > So, how many viruses do we find every day?

The Holy Grail of AV Testing, and Why It Will Never Be Found

So, my expectations were fulfilled. My recent post on an AV performance test caused more than a bit of a stir. But that stir was not so much on the blog but in and around the anti-malware industry.

In short, it worked – since the facts of the matter are now out in the open and being actively discussed. But that’s not all: let’s hope it won’t just stimulate discussion, but also bring the much-needed change in the way AV tests are done, which is years overdue, and is also what I’ve been “campaigning” for for years.

So, how should AV be tested?

Well, first, to avoid insults, overreaction and misplaced criticism, let me just say that I’m not here to tell testers how to do their job in a certain way so that our products come out top – to have them use our special recipe, which we know we’re better than everyone else at. No, I’m not doing that, and anyway, it’s rare that we don’t figure in the top three in the various tests, so, like, why would I want to?

Second – what I’ll be talking about here isn’t something I’ve made up, but based on the established industry standards – those of AMTSO (the Anti-Malware Testing Standards Organization), on the board of which sit representatives of practically all the leading AV vendors and various authoritative experts.

See more > One don’t, one maybe and one definitely yes …