January 2008   
 
 

BUSINESS INSIGHT: MALWARE EPIDEMIC

Making Sure the Bad Guys Don't Win

By Christopher Bolin,
Chief Technology Officer, McAfee Inc.,

Our Avert Labs team recently predicted that the cumulative year-end malware virus count will reach 550,000 in 2008, a figure that has generated a lot of discussion. Why is this issue worthy of so much attention? Because malware is becoming a global epidemic, and many people still don't get how dangerous it can be. These aren't just kids having fun. These are serious criminals going after social security numbers, credit card numbers and bank routing numbers. They want to steal innocent consumers' money, plain and simple.

At McAfee we're working around the clock to stop them, but we aren't the only security company out there. Last year I called on the industry to work together to develop a security standard for hosted applications and in 2008 I'm getting back on that soapbox with a new call to arms for fighting the global distribution of malware.

To be clear, I am not suggesting that we are losing the fight against cybercrime. But I do believe that if we—as an industry—don't do something about the proliferation of malware, one day the criminals will get ahead. Malware is adapting faster than technology to fight it can be deployed, and the fact that such technology often remains siloed only exacerbates the problem.

If you've heard me say all this before, all I can say is, get ready to hear me say it again.

And again.

We need:

  • Cooperation between Internet service providers: ISPs and domain registrars must share information with security companies. Privacy concerns aside, if the ISPs see an unusual amount of activity, within reason, it should be flagged. Compared to the amount of malware out there, convictions are very low. We need to cut the criminals off early. One action that needs to be discussed is how security vendors can work with ICANN to best protect consumers' identities and personal information.
  • Better legislation: The global nature of cyber crime makes arresting and prosecuting cybercriminals difficult. Laws need to be modernized to enable increased international cooperation against emerging trends in cybercrime—and to protect innocent victims. McAfee is supporting the bipartisan Cyber Security Enhancement Act, which if passed would be a major step in this direction.
  • Standards for domain registration: Similar to how PCI established a set of standards for the payment card industry (my colleague Carl Banzof provided an excellent overview in the September 2007 issue of Security Insights here, I believe we need standards for domain registrations, including background checks. Hackers are successful because they are able to change domains very quickly.

If the industry can come together and coordinate a plan, we can prevent malware and financial losses from reaching unprecedented heights.

Maybe then I'll get off my soapbox.

 


 

Useful Links
Recent articles
Send to a friend
Add me to the newsletter list
Change my subscription to text
 


         
 

McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee Inc. and/or its affiliates in the United States and/or other countries. McAfee red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

Copyright 2007 McAfee, Inc. All rights reserved | Privacy Policy | Anti-Piracy Policy | unsubscribe