RSA: Fake AV Companies Making More Money than Security Vendors

16 February 2011

Having spoken on the ‘Public, meet private: Lessons learned in chasing cyber crooks’ panel at the RSA 2011 conference in San Francisco, Pedro Bustamante, senior research analyst at Panda Security, tells Infosecurity’s Eleanor Dallaway why geography is obstructing cyber legal justice.

While Bustamante concedes that law enforcement around information security has improved somewhat, he argues that it is still a slow, long fight when it comes to arresting the offenders. The main reason for this, he insists, is the “international problem”.

The different laws across geographies make it near-impossible to arrest non-US citizens. “The FBI and government are unable to bring legal action against non-Americans targeting US citizens unless their country allows an extradition. It is very frustrating for both the public sector and security professionals that international laws are not holding them responsible”. As long as international cybercriminals don’t set foot in the US, they will never serve jail time, says Panda Security’s Bustamante.

“Cybercriminals are getting increasingly good at staying under the radar. They do this by creating a huge amount of smaller botnets.”

US hackers, on the other hand, don’t have it quite as easy, he explains. “The FBI do really good work catching US hackers. They are good at it and do it quickly”.

Crime Does Pay

One of the biggest threats keeping anti-virus vendors like Panda awake at night is the increasingly malicious threat of rogue anti-virus. “What really worries me”, admits Bustamante, “is that often, these companies are actually making more money through fake anti-virus products than security companies do with the real deal”.

“The rogue anti-virus hackers are using some valid, legal anti-virus code – which appears to detect vulnerabilities that don’t exist – and are applying for certification.” To protect themselves from being on the receiving end of such rogue AV, end users should always check for “testing certifications” when choosing their virus protection. They should still use caution and do their research though, says Bustamante, who explains that often copied logos will be falsely displayed on the rogueware sites.

More to Come

For 2011, Bustamante predicts more of the same, and even worse. “I don’t like to do the security vendor thing and promote fear, uncertainty and doubt, and I don’t really need to because the proof is there.” Banking Trojans, he predicts, will become more silent and more dangerous.

To counteract the increasing amount of cybercrime, the security industry will take steps to improve defenses. The Panda analyst uses the newly announced Microsoft quarantine initiative as an example. “I have very serious doubts about this though”, he admits.

While Bustamante admits that the information security industry will continue to remain one step behind the ‘bad guys’, he does acknowledge that to stay in the game at all, it is essential to continue innovation. “You have to innovate every day or you die”.
 
