March 2008 — News
A White Hat Talks about Modern Malware
When Julie Amero was convicted of four counts of risk of injury to a minor in Connecticut last year, it was a wake-up call for many schools to make sure their anti-virus and anti-spyware software was kept up to date. Amero was the substitute teacher who had chased students off of the regular teacher's computer and taken charge of the computer, on which pornographic images then allegedly started appearing. (Since then her conviction has been vacated, and she awaits a new trial.)
Having our computers serve up the unexpected doesn't surprise Roger Thompson, who has made a career out of being a white hat--one of the good guys in the realm of computer security. Thompson entered the business in 1987 by starting one of the first anti-virus companies in Australia. That was the same year that the Jerusalem virus first surfaced, with the goal of destroying every EXE file it attached itself to on an infected machine. That was shortly followed by the Morris Worm in 1988, one of the first computer worms distributed via the Internet. Since then, as we've all experienced, computer exploits have evolved and continued unabated.
Thompson, who pens the "Exploit Prevention Labs Blog," is currently the Chief Research Officer for AVG, formerly Grisoft. His blog is especially well known for its lists of "innocent search terms," search terms--such as "school closings in illinois parents" or "LEGO DUPLO Block-o-dile"--that we might enter on our favorite search engine, which could lead us to hijacked sites where our computers can become infected. AVG, which acquired Thompson's company, Exploit Prevention Labs, in 2007, sells AVG Internet Security and other anti-virus software used, according to the firm, by 70 million users around the world.
The difference between the exploits of 20 years ago and today's hacks, according to Thompson, is that the new ones are likely to infect our machines from the Web sites we visit and trust. He doesn't blame Amero by any means for what happened on the computer in that seventh-grade classroom. What happened to her could easily happen to any of us.
In this interview, Thompson shares the details about some of the exploits he and his team have recently discovered and explains why it's so difficult for schools to keep their computers clean.
Dian Schaffhauser: What kinds of security problems are hitting Web sites right now?
Roger Thompson: The bad guys are getting better at hacking into them. And then they're really good at using those hacks to infect visitors to those Web sites. If you look back just a few years, you could say that you were pretty safe, as long as you didn't visit any Web sites of 'ill repute.' [Now,] the bad guys could just as easily hack into a mom-and-pop barbecue Web site, and that would catch lots more victims because nobody expects to get into trouble reading the dinner menu.