Behind the scenes: Symantec's malware battle

IT PRO visited Symantec's offices in Ireland to find out more about its fight at the ever-changing frontline of malware.

The security industry is huge, with good reason. IT needs constant policing. Malware and botnets are just two of the ever-changing and increasing threats that users around the world face every day, with the security industry as the main - and often only - defence.

Indeed, there never seems to be an end in sight - leading some to doubt the value of the security industry, believing it exists to scare people and companies into buying products and support they don't really need.

But it is highly unlikely that there will ever be a time where the end-user will not make mistakes or insecure software won't be supplied.

And, as long as humans want to make money, and cybercrime offers an easy way to do so, security companies will need to keep up their work.


Symantec's frontline

It's a battle all security firms face, including Symantec. While the constantly changing frontline has been good for business - the firm was founded in 1982 and now sells to over 40 countries - it's no easy task to keep ahead of malware.

Criminals just don't stand still and many are as intelligent as the white knights of the security industry, with stories of gangs putting their people through computer school.

This means that the bulk of the work of the security industry, including Symantec, is behind the scenes in research and development.

While the California-based firm is possibly best known for its Norton series of anti-virus products, it is its research facility in Dublin which is taking the battle to the next level.

IT PRO recently had an exclusive look at those Dublin, Ireland labs - Symantec's frontline in the unending battle between criminals and security.


The retro-fitted labs began operations in 1990. There, Symantec handles customer threat response, anti-virus and anti-spam work, and employs around 900 people. Although Symantec has offices around the world, the Dublin site is its prime manufacturing and research facility.

Changing vulnerabilities

Symantec deals with about 60,000 attacks and between 25 and 30 new malware vulnerabilities per month. Kevin Hogan, director of Symantec's response centre, said that tactics have changed in the last few years: from finding and deleting a virus after it had already hit, to battling it at source, for example with browser protection. Rather than focusing on detecting the virus, the work is now more about identifying it before it can hit.

"Attacks have become more complex and multi-part. It was obvious that the technology and skillset had to change," said Hogan. "It's not about solely getting to the virus signatures anymore. We have to make sure the user isn't downloading it from something like Internet Explorer."


He also said that the sizes of the threats had increased. "We get sizes of definitions about 50 MB, which consumers can cope with, but with enterprises it can be a problem," he said.

Looking through the research facility, the bulk of the work appeared to be PC based, with only a small proportion of work done with Macs. However, Hogan made it very clear that this was not due to inherent flaws in Windows.


"Windows is not necessarily less secure," said Hogan.

He added: "I subscribe to the fact that as 90 per cent of users use Windows then obviously this is going to make it more of a target for attack. [With threats] the operating system is irrelevant."

Social Engineering

Another clear trend is that, rather than malware itself getting more complex, criminals are finding new and unusual ways to infect users through social engineering. The work for criminals now lies in finding new ways to get users to download and install the malware, such as using personal details taken from places like Facebook, MySpace and even Google.

"It's not the technology," Hogan said. "Malware is downloaded by social engineering means. It is the most efficient way of getting it into people's systems."

The social engineering focus means that the technical aspect of the threats wouldn't change much in the future, he said. "Criminals don't need to know the code, they just need the applications. I think we'll see minor changes but from a technical perspective much won't change. It'll be the social engineering which will lure the victims."

Symantec's engineers gave an example of malware they had seen, called 'Silentbanker'. This was a Trojan which targeted 400 banks worldwide and intercepted web traffic before it left browsers such as Internet Explorer and Firefox.


It employed various methods to obtain what its operators needed to access the victim's money, which usually meant a username, password or PIN. One of these methods was credential stealing: the Trojan generated HTML matching what was on the banking website and used it to ask for personal details. In other words, it relied on human failures as well as technological ones.

Chopped bodies

Symantec said it didn't usually focus much on the motivations of the criminals, such as whether it was for financial gain or an act of vandalism. Hogan compared their investigation of a malware affected user to that of a murder: "We've found a chopped body. We look at what killed it rather than the motive [of the killer]."

And with the current IT security situation, there's an increasing number of chopped bodies lying around.


IT PRO put it to Hogan that perhaps the sheer volume of IT threats was a good thing for Symantec, since it kept the company in business. Hogan laughed and said: "Computers will always be around and data will always need protection. There is more than enough to deal with now than we can actually cope with."
