Sunbelt Software’s Research Labs

It looks like your typical small city office building. If you sat outside you would see a myriad of office workers come and go. However, one of those floors has a most intriguing destination, not necessarily listed on the marquee. Here, on an unnamed floor, resides the home of Sunbelt Software's Research Labs, and its comings and goings are not run by the clock. Its unorthodox and unusual schedule is set by the malicious software investigators who inhabit these workspaces, searching for criminals, looking for the bad guys, and finding ways to keep them out of your computer and your vital information safe.

Breaking the bonds of their anonymity, we got to sit down with Spyware Research Manager Eric Howes and Dodi Glenn, our Malware Response Manager, and discover what it takes to be a malware researcher.

As you may know, Sunbelt Labs is there to provide protection by researching new or upcoming threats and then writing the detections to combat them. The world of malicious software research changes constantly. The lab discovers what the bad guys are doing and then finds ways to keep them out. For instance, PDF files are easy to send and easy to infect, and a booby-trapped PDF is one way malware gets onto your computer.

Eric and Dodi were most forthright about the duties of the lab and what it takes to handle so many malicious software samples (70,000 per day), a volume that is hard to even contemplate, let alone process. Some of their techniques are confidential and should remain so, but I was able to get a good inside look at what it means to be a malware hunter and what it takes to put that into action. Although it may seem like a glamorous job, it takes some serious legwork and homework to get the job done.

“Basically, our team identifies the malware authors, our researchers find the latest malware in the wild and we then write the detection to handle it,” said Dodi.

Without providing any insider or confidential information, Dodi and Eric told me that one of their methods of detection is what they call the "honeypot system". A honeypot is a trap set to detect, deflect, or counteract attempts at unauthorized use of information systems. Basically, a honeypot is a computer or group of computers that appears to be part of a production network but is actually isolated and heavily monitored, so anything that touches it is suspect by definition. It can be used to lure the baddies in and record what they do, or it can be pointed at known malicious sites to collect the malware they serve.
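To make the honeypot idea concrete, here is a minimal low-interaction honeypot written for this article; it is an added example, not code from Sunbelt Labs, and the banner text, the tag names in `classify`, and the probe payloads in `run_demo` are all constructed for illustration. The server listens on a loopback port, hands every peer a fake mail-server banner, records the first bytes the peer sends, and then closes. Because nothing legitimate should ever connect to it, every record it produces is worth a look, which is the whole point of the technique.

```python
import socket
import threading
import time
from dataclasses import dataclass


@dataclass
class Probe:
    """One connection recorded by the honeypot."""
    src_ip: str
    src_port: int
    ts: float
    data: bytes


class LowInteractionHoneypot:
    """Accepts TCP connections, sends a fake banner, records what the peer sends.

    Assumption for this example: port 0 lets the OS pick a free loopback port,
    and the fake banner imitates an SMTP server (constructed text, not a real host).
    """

    def __init__(self, host="127.0.0.1", port=0,
                 banner=b"220 mail.example.invalid ESMTP\r\n", max_bytes=1024):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(8)
        self.port = self.sock.getsockname()[1]
        self.banner = banner
        self.max_bytes = max_bytes
        self.probes = []
        self._lock = threading.Lock()
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self._stop.set()
        self.sock.close()
        self._thread.join(timeout=2)

    def _serve(self):
        # Short accept timeout so the loop can notice a stop request.
        self.sock.settimeout(0.2)
        while not self._stop.is_set():
            try:
                conn, addr = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn, addr):
        with conn:
            conn.settimeout(1.0)
            try:
                conn.sendall(self.banner)           # bait: look like a real service
                data = conn.recv(self.max_bytes)    # capture whatever the peer tries
            except (socket.timeout, OSError):
                data = b""
            with self._lock:
                self.probes.append(Probe(addr[0], addr[1], time.time(), data))

    def snapshot(self):
        with self._lock:
            return list(self.probes)


def classify(data: bytes) -> str:
    """Tag a captured payload by the protocol the peer spoke (example tag names)."""
    head = data[:64].upper()
    if not data:
        return "banner-grab"            # connected, read the banner, left
    if head.startswith((b"EHLO", b"HELO")):
        return "smtp-client"
    if head.startswith((b"GET ", b"POST ", b"HEAD ")):
        return "http-probe"             # web scanner hitting a non-web port
    if head.startswith(b"SSH-"):
        return "ssh-client"
    return "unknown"


def probe_honeypot(port: int, payload: bytes) -> bytes:
    """Constructed client standing in for an attacker or scanner; returns the banner."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        banner = c.recv(256)
        if payload:
            c.sendall(payload)
    return banner


def run_demo():
    """Run three constructed probes against a fresh honeypot and return sorted tags."""
    hp = LowInteractionHoneypot().start()
    try:
        probe_honeypot(hp.port, b"EHLO scanner.invalid\r\n")
        probe_honeypot(hp.port, b"GET / HTTP/1.0\r\n\r\n")
        probe_honeypot(hp.port, b"")
        deadline = time.time() + 3
        while time.time() < deadline and len(hp.snapshot()) < 3:
            time.sleep(0.05)
        return sorted(classify(p.data) for p in hp.snapshot())
    finally:
        hp.stop()


if __name__ == "__main__":
    print(run_demo())
```

In a real deployment the interesting part is what you do with `probes`: the captured bytes are the raw material for a detection signature, and the source addresses feed the kind of trail-following the researchers describe later in this article.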

Another means of detection is to investigate and monitor the behavior patterns of malicious software, so that a sample can be recognized by what it does rather than only by what it looks like.

And then there are the Malware Hunters themselves, our team of human researchers, each with a great deal of experience investigating the human element of malware: the bad guys themselves.

Eric related that "there are malware gangs, groups of malicious individuals that engage in malicious practices, and we sort of follow them around." Now I was really interested; this is hot stuff and probably somewhat dangerous too. We are dealing with huge sums of money. "Our team is good at anticipating and finding these guys."

Dodi went on to state, "We follow the trail, locate the domain, track the web sites, follow the trail some more. Sometimes we take them down; sometimes we just follow them and detect the malware these gangs are producing. We then of course write the detection."

One of the things I did not realize is how closely security companies work together. Malware Hunters, it would seem, belong to a very close-knit fraternity, and there is much cooperation between companies, even close competitors. As Eric said, "There might be competition in the marketplace, but the real deal is that researchers share data."

Researchers share threat information, conduct sample exchanges, and compare statistical results. It is a pretty close-knit group with much community involvement. He told me there is a certain mindset that researchers have: an innate curiosity and a desire to figure out how things work.

There has been quite a transition in malicious attacks in recent times. Microsoft Windows vulnerabilities have obviously been targeted over the years, but Microsoft has done quite a job of patching and removing the problems. Eric said, "Microsoft reaction time is much quicker."

Recently, the bad guys have been finding exploits in other software products, especially Adobe's. "Once the bad guys find a route to exploit, they go for it. Microsoft is better at getting patches out there and responding quickly. We used to complain about Microsoft, but now not so much. On the other hand, Adobe takes months to issue patches, effectively leaving customers at risk. At any given time vulnerabilities from Flash, Reader, Acrobat, etc. come on the scene," per Eric.

The key security problems we face today are driven by financial gain, by the rogue antivirus industry, and by espionage and terrorist purposes. There are innumerable vulnerabilities that the team protects against day in and day out.

I asked Eric if he had any tips for our readers and he said “Be aware of what is in the wild. Stay on top of what is going on, visit our labs online! That is a key part of staying protected and keeping others protected.”

Article from Vipre SunBelt Software
