Microsoft virus 'bounty hunter' warns of never-ending battle

"There will be new threats as long as there are people out there with criminal intent"

By Andy McCue

Published: 1 March 2006 13:15 GMT

IT security will always remain a never-ending battle, according to the head of Microsoft's European cyber-crime-fighting unit.

Former police officer Paul Thomas, head of Microsoft's European internet safety and IP investigations team, heads up a unit made up of ex-Interpol and ex-US secret service agents, prosecutors and IT forensics experts responsible for tracking down virus and malware writers, spammers, hackers and phishing gangs.

He told silicon.com: "There will be new threats as long as there are people out there with criminal intent. Most new technology is going to be looked at by the criminals to use to their advantage. As people's use of technology increases then criminals are still looking for opportunities."

One of the biggest security threats today is the armies of 'zombie' PCs that have been hijacked by criminals using backdoor Trojans to gain remote control of a user's computer. A botnet - a network of zombie PCs - can then be used to send spam or launch a distributed denial of service (DDoS) attack against a target organisation.

Thomas said: "You don't have to be amazingly technically gifted to set up a botnet. At the lower end of the scale you have people doing it for personal gain where you could use a botnet for click through revenue on a website. At the other end of the spectrum you have serious and organised crime using those compromised computers for DDoS attacks to extort money for people."

The main locations to which Microsoft's security unit has tracked these turn out to be the usual suspects: central and eastern Europe and China, although there is also significant activity in some Asia-Pacific countries and Brazil.

Thomas claims that worldwide co-operation between governments, law enforcement agencies and technology companies - such as the Botnet Taskforce - is proving successful in combating these security threats.

He said: "The tide is turning towards law enforcement."

Indeed Microsoft's cyber-crime unit has had some notable successes to date, having taken action against 150 spammers, tracked down the Sasser virus author, caught the two people in Morocco alleged to be behind the Zotob virus that hit some major US corporations including American Express, and nabbed a Bulgarian phishing gang.

But Thomas readily admits that it will be an on-going battle to try and stay one step ahead of the high-tech criminals and said one of the weak links is people who are still unable to resist opening dodgy email attachments that subsequently infect their machine.

He said: "It still often comes down to social engineering. People have to be aware of what it is they are looking at and what they are opening. One of the areas people should pay more attention to is opening jokes and images. Education and awareness is important."
