Wednesday, September 12, 2007

Profile of a Malware Analyst (September Insight)

In this Security Insight issue Vlad Borisenko, Malware Analyst at Agnitum, speaks about the ins and outs of his profession. Interesting reading, especially if you realize that there are good people behind good software!
Enjoy reading the september issue and feel free to share your thoughts below.

Igor Pankov
Product Marketing Manager

8 comments:

Manny said...

Now that you are receiving virus signatures from Virus Buster Vlad for the AV portion of the software, how has your job changed Vlad?

Anonymous said...

this is guitrman56@yahoo.com and I tried your service. The reason I did not continue using it is because my laptop is being hacked even as I write this but you know what? In the big scheme of things, it isn't all that important however I thought you might like to know.

Wesley John

Anonymous said...

It's important if my computer gets hacked. So I'm glad smart people are working to stop all that.

Agnitum BLOG said...

Thanks to everyone for the comments!

I guess pretty much stays the same - we still analyze threats no matter what specific type of malware they belong to. This job is akin to the surgeon's work: you need to make an incision before you can take a look inside.

As for VirusBuster team, they are really helpful. They provide us a great additional source of signatures. In fact, Outpost Security Suite has two malware labs working for it, which results in doubled effectiveness.

Vlad Borisenko
Malware Analyst, Agnitum

Anonymous said...

I have a uniquique situation. Some one is hacking my machine using standard windows software, i.e. standard services and system calls. How does OPSS handle that?

Agnitum BLOG said...

To guitrman56@yahoo.com:

Elaborate please. What product did you use? What sort of problems did you experience?

To Anonymous:

Could you give us more details as well? We'll try to help you. Do you have Outpost Security Suite installed?

Pavel Goryakin

Anonymous said...

I have the latest version of OPSS installed. I discovered through the windows event viewer that someone had been logging on using the Guest account and setting priveliges such as being able to see when any one changed the password of any account and what that password was. I changed the password of the guest account using the "net user" command and I have not had anymore logons using the guest account.

OPSS anti-malware scans declares my system to be clean. I am using version Outpost Security Suite Pro 2007 (5.0.1252.7915.619)

My virus and spyware definitions are up to date.

Yet somehow someone is able to access my system.

A brief history. I reloaded my system and then put OPSS on before ever accessesing the internet. I then accessesd your update facility and brought my virus and spyware and preset database upto date. I then accessed Microsoft's update facility and brought windows up to date. Then I accessed and downloaded each piece of software that I use and scanned it for malware. I use AI Roboform, Itunes, Microsoft Office, Google Desktop, Quicken 2007, Quicktime, Real Player, Remote Assist, Outlook Express, firefox, Media player.

I then let the the system set and strange things started to happen. Runtime errors started to happen in the C++ part of Google desktop. Errors happened in your OPSS and reports were sent.

Then I tried to connect my USB HD. Sometimes it would connect and othertimes it would not.

The conclusion that I have come to is that there was code down loaded in the MS updates that allowed all of this to happen. Either that or there was code in the drivers that MS supplied.

Jebha said...
This comment has been removed by a blog administrator.