[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 6 May, 2004, 11:07 GMT 12:07 UK
Trench warfare against viruses
By Clark Boyd
Technology correspondent in Helsinki, Finland

Computer security experts have been working around the clock to battle the Sasser worm.

Mikko Hypponen of F-Secure
Hypponen: New viruses popping up at a furious rate
It is a job tailor-made for one group of anti-virus experts based in Helsinki, Finland.

The research team at F-Secure waste little time when a new computer bug is detected.

The first step is to alert everyone in the office and that job falls to Lu, a stuffed toy monkey that screams when smacked.

It is a sound that usually signifies hours, maybe even days or weeks, of tough work for the anti-virus team.

Mikko Hypponen is used to it by now. As head of anti-virus research at F-Secure, he has seen many viruses over the years.

"If you look at the total numbers over the last 15 years, we've seen 90,000," he said.

"Most of those are extinct, and are not a problem anymore. So something like 300 to 400 most common viruses cause practically every infection around the world."

'Constant war'

Mr Hypponen calls this constant threat "back-scatter noise". On top of that, he says, new viruses are popping up at a furious rate these days.

Every now and then there are specific cases that are particularly interesting, because of the way they propagate, because of the harm they actually do
Ero Carrera, F-Secure
Take, for example, one family of viruses - Netsky.

"We've seen 65 different versions of this virus over the past 40 days or so," he said.

"Every two days we find a new virus. And it might be the middle of the night, the middle of the day, in the middle of the weekend.

"Over Easter we had three new versions of this virus. It's a constant war against the other side."

One of those at F-Secure tasked with defeating viruses and worms is Ero Carrera.

Like most in the anti-virus world, the Spanish-born Mr Carrera taught himself how to do this kind of work.

It is called reverse engineering, working through sometimes millions of lines of code to figure out how the virus works, how it propagates, and, most importantly, how to stop it.

Fortunately, most viruses are very similar.

"But every now and then there are specific cases that are particularly interesting, because of the way they propagate, because of the harm they actually do," said Mr Carrera.

"Those are really interesting to look at, and you have to look fast and act fast, because there could really be a lot of danger if that virus spreads and infects a lot of machines.

"That's when it really moves us, it's a challenge, an intellectual challenge."

United front

F-Secure is Europe's biggest anti-virus company. Globally, its main competition comes from outfits like Symantec and McAfee.

But when it comes to cracking viruses and worms, competition usually takes a back seat.

The quantity and quality of today's viruses demand a high level of cooperation among virus-busters.

Computer network connections, Eyewire
Sasser spread across the internet by itself
"We have to send each other virus samples, information on new viruses," said Gergely Erdelyi, who moved from Hungary to Finland to work at F-Secure almost four years ago.

"If there is a big case or if something is really complex, then of course the more information we can gather from the companies, then the faster we can come up with a solution for our customers. So we do co-operate a lot."

The nature of the battle between the virus-writing world, and the anti-virus world has been changing over the past few years, for the worse, as far as the virus busters are concerned.

You can find downloadable virus-writing programs floating around in cyberspace. Just type in a name, click the mouse a few times, and you can make a virus without even knowing how to write code.

But even more insidious is the rise of the professional virus-writer - someone who gets paid to wreak havoc in cyberspace.

Spammers, for example, are now paying virus writers to create malicious programs that will turn infected machines into spam-spewers.

Criminal intent

Worse, says F-Secure's Mikko Hypponen, organised criminals are now jumping on the virus-writing bandwagon.

"There are sites, typically operating somewhere in Russia, or Belarus, or Ukraine or China, where you can buy an attack tailored to a target, pay them the money, and then they will attack the site you pick," he said.

That is usually followed by a phone call, demanding what amounts to extortion money - pay us, or we'll attack you again.

The anti-virus team at F-Secure cringes when they think of the damage organised attacks could inflict on global internet usage.

That would mean a lot more screaming from Lu, the virus-alert monkey.

Lu's owner, anti-virus expert Katrin Tocheva, says the crew tries to remain calm and knowledgeable.

"Actually, the monkey's getting crazy, we're not getting crazy. We're just working normally, but with a higher speed of course," he said.

The Sasser worm is helping to make this one of the worst years ever for virus outbreaks, according to F-Secure.

If it keeps up, the team in Helsinki will be spending many of long summer nights sitting in front of their computers, picking through line after line of code.

Clark Boyd is technology correspondent for The World, a BBC World Service and WGBH-Boston co-production


The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific