IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Behind the scenes: Symantec's malware battle

IT PRO visited Symantec's offices in Ireland to find out more about its fight at the ever-changing frontline of malware.

The security industry is huge, with good reason. IT needs constant policing. Malware and botnets are just two of the ever-changing and increasing threats that users around the world face every day, with the security industry as the main - and often only - defence.

Indeed, there never seems to be an end in sight - leading some to doubt the value of the security industry, believing it exists to scare people and companies into buying products and support they don't really need.

But it is highly unlikely that there will ever be a time where the end-user will not make mistakes or insecure software won't be supplied.

And, as long as humans want to make money, and cybercrime offers an easy way to do so, security companies will need to keep up their work.

Symantec's frontline

It's a battle all security firms face, including Symantec. While the constantly changing frontline has been good for business - the firm was founded in 1982 and now sells to over 40 countries - it's no easy task to keep ahead of malware.

Criminals just don't stand still and many are as intelligent as the white knights of the security industry, with stories of gangs putting their people through computer school.

This means that the bulk of the work of the security industry, including Symantec, is behind the scenes in research and development.

While the California-based firm is possibly best known for its Norton series of anti-virus products, it's their research facility in Dublin which is taking the battle to the next level.

IT PRO recently had an exclusive look at those Dublin, Ireland labs - the Symantec's frontline in the unending battle between criminals and security.

The retro-fitted labs set up operations in 1990. There, Symantec deals with customer threat, response, antiviruses and antispam, and has around 900 employees. Although Symantec does have offices around the world, the Dublin offices are its prime manufacturing and research facility.

Changing vulnerabilities

Symantec deals with about 60,000 attacks and between 25 to 30 new malware vulnerabilities per month. Kevin Hogan, director of Symantec's response centre, said that tactics have changed in the last few years, from finding and deleting a virus when it had already hit to instead battling it at source, such as in browser protection. Rather than the focus being on detecting the virus, it is now more about identifying it before it can hit.

"Attacks have become more complex and multi-part. It was obvious that the technology and skillset had to change," said Hogan. "It's not about solely getting to the virus signatures anymore. We have to make sure the user isn't downloading it from something like Internet Explorer."

He also said that the sizes of the threats had increased. "We get sizes of definitions about 50 MB, which consumers can cope with, but with enterprises it can be a problem," he said.

Looking through the research facility, the bulk of the work appeared to be PC based, with only a small proportion of work done with Macs. However, Hogan made it very clear that this was not due to inherent flaws in Windows.

"Windows is not necessarily less secure," said Hogan.

He added: "I subscribe to the fact that as 90 per cent of users use Windows then obviously this is going to make it more of a target for attack. [With threats] the operating system is irrelevant."

Social Engineering

Another clear new trend is that rather than malware getting more complex, it was more the case that criminals were finding different and unique ways to infect users, using social engineering techniques. The work for criminals now was in finding new ways for users to download and install the malware, such as in using personal details taken from places such as Facebook, MySpace and even Google.

"It's not the technology," Hogan said. "Malware is downloaded by social engineering means. It is the most efficient way of getting it into people's systems."

The social engineering focus means that the technical aspect of the threats wouldn't change much in the future, he said. "Criminals don't need to know the code, they just need the applications. I think we'll see minor changes but from a technical perspective much won't change. It'll be the social engineering which will lure the victims."


Symantec's engineers gave an example of malware they had had seen called 'Silentbanker'. This was a Trojan which targeted 400 banks worldwide and intercepted web traffic before it left browsers such as Internet Explorer and Firefox.

The way it worked was that it employed various ways to find what they needed to access money which usually meant the victim's username, password or a PIN. It had various ways of doing this, one of which was called credential stealing. This involved the Trojan creating HTML code which matched what was on the banking website, and asking for personal details. In other words, it relied on human failures as well as technological ones.

Chopped bodies

Symantec said it didn't usually focus much on the motivations of the criminals, such as whether it was for financial gain or an act of vandalism. Hogan compared their investigation of a malware affected user to that of a murder: "We've found a chopped body. We look at what killed it rather than the motive [of the killer]."

And with the current IT security situation, there's an increasing number of chopped bodies lying around.

IT PRO put the question that maybe it was a good thing for them that there was a lot of IT threat out there as indeed, it kept them in good business. Hogan laughed and said: "Computers will always be around and data will always need protection. There is more than enough to deal with now than we can actually cope with."

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download


Hackers could use new Wslink malware in highly targeted cyber attacks

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022
16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022