Kaspersky Lab to set up office in Nairobi

Friday, June 15, 2012 - 00:00 -- BY JAMES MBUGUA

The next time you encounter a strange file on your computer or a suspected virus, simply email it to newvirus@kaspersky.com. The file will go to the dropbox for malicious software, where suspect files are analysed and almost instant feedback is sent to you explaining whether the file is malicious and, if so, what virus it is and what the antidote is.

Every second, says Stefan Tanase, Kaspersky Lab, the big IT security firm, sees a new piece of malicious software.

That translates to 70,000 new malware programmes a day, explains Tanase, who is a senior security researcher, EEMEA, Global Research & Analysis Team at Kaspersky Lab.

Tanase, who was in town last week ahead of a planned opening of a Kaspersky office in Nairobi, said 99.9 per cent of this malware is developed by people who are financially motivated. “The malware we are seeing nowadays is written by people who are financially motivated,” said Tanase. “The days when people used to write viruses just as a hobby or just to prove that they can are gone.” As an IT security firm, Kaspersky has its products on over 300 million computers worldwide, Tanase said.

This means the task of keeping paying customers happy while free anti-virus software such as Microsoft Windows Essentials and AVG exists is that much more difficult.

Kaspersky has had to adapt. For starters, it has the Global Research team that works to analyse and identify new viruses or malware and then come up with the protection algorithms to counter them. “When you have such a large user base you have to test anything before you ship it out.”

The team, which has over 1,000 people, is supplemented by automated analysers (programmes) that analyse the bulk of the 70,000 new malware samples discovered daily. Most of the malware detected is a modified form of a previously known one, so it is easy to handle. Some malware, however, requires human analysis.

Kaspersky has also developed what it calls the Urgent Detection System (UDS), which works by connecting Kaspersky users to its cloud. “The products that are installed in the user's computer are in constant touch with our cloud,” explained Tanase. This way, the user receives constant protection, as any suspicious programme is analysed using the in-the-cloud technology.

Besides that, the company also works with other IT security companies, with whom it exchanges the malware it discovers; they share what they discover in turn. Kenya and other African countries, Tanase reckons, are still relatively safe because of the reason given above (financial motivation) and internet speeds.

Most cybercrooks, he explained, target people to steal from them directly, for example by intercepting credit card payments for transactions. Given the relatively few financial transactions of this nature done online in this part of the world, criminals are more likely to target more developed markets. The other reason a user may be targeted by cybercrooks is to commandeer their computer for use in online attacks against other users.

According to Tanase, an underworld of cybercriminals exists where three major items are traded: credit card numbers, access to computer systems and botnets. The last refers to a group of computers taken over by crooks to be used for online attacks. Some crooks hire these out to those who may need them. Because internet speeds in this region are still not that high and latency is also high, Tanase believes Kenya is unlikely to be targeted for such reasons. That said, anyone can seek support from Kaspersky if they suspect their computer is infected.

“Anyone, not just our customers, can send any kind of suspicious file to that address (newvirus@kaspersky.com) and it will first go through our automatic processing system,” said Tanase. “If we already know it, we are going to respond instantly. If the file requires further analysis, we are going to respond and say the file is being processed.”

As for the worst virus Tanase has encountered at Kaspersky, it is FLAME, the malware that was discovered recently infecting computers in the Middle East, especially Iran and Israel. The virus was discovered accidentally when Kaspersky was doing some other work for the International Telecommunications Union.

Kaspersky has since said the FLAME virus is related to another called Stuxnet, discovered three years ago. “The discovery of the Flame malware in May 2012 revealed the most complex cyber-weapon to date,” a company statement said.