Security Watch | Matt Hines » Trend's Chen on HijackThis, Chinese malware

March 20, 2007 | Comments: (0)

Trend's Chen on HijackThis, Chinese malware

TAGS: Security

Trend Micro CEO Eva Chen stopped into Boston on her latest trip across the United States and offered up some additional details of her company's recently-announced deal to buy HijackThis, an anti-spyware utility.

Snapped-up from a Dutch student-developer named Merijn Bellekom, HijackThis will become an important part of the anti-virus company's worldwide database of threats and vulnerabilities, said Chen, even though the product is currently given away for free, a la McAfee's SiteAdvisor.

The firm is constantly looking for new sources of outbreak data to feed into its products, and HijackThis can offer a unique view into the world of spyware, according to the CEO.

Chen also promised not to significantly alter the manner in which the technology works and said the firm will look to outside virus researchers to help to keep the tool ahead of the curve.

"We bought HijackThis because of its huge database of Web threats and because it compliments all the time we've spent building our own back end tracking systems," Chen said. "We're not going to use freeware to up-sell our products, but we see it as an important part of the business; we're really hoping to get tagging users to continue to contribute, as this will help us identify new attacks as they appear."

In a post to his Web site, Bellekom said that he decided to sell the tool because he had hit a wall in completing a new update of the product as he struggled to balance time between development and his university classes. Trend has also taken ownership of another anti-spyware technology built by Bellekom, dubbed CWShredder, which he had sold to InterMute, which was subsequently purchased by Trend.

Trend is currently creating a new version of HijackThis meant to run on Microsoft technologies including IE 7.

The anti-virus company is following in the steps of McAfee and others by adding so-called Web reputation services to its cadre of technologies, and announced a beta version of its TrendProtect technology last week. Much like SiteAdvisor, the browser plug-in is meant to help end users identify potentially dangerous URLs by giving a safety rating to web pages and search results.

Chen also offered her own take on research which points to increased cooperation between Chinese malware writers an those in the Western world.

Last week, Chris Boyd, aka Paper Ghost, a research expert at FaceTime Communications, told me that he's recently seen evidence of this type of partnership between the international malware community and Chinese hackers on several underground forums.

While Boyd contends that this development is rather new, with Chinese malware writers using the advice they've garnered to up the ante in the social engineering aspects of their threats (and prevent tipping their hands by sending potential victims to overly busy, spam-like Asian-style Web sites), Chen said the work has probably been going on for a long time.

"I don't think this is anything new, it's been going on for years, you have to remember that the original Michelangelo virus originated in Taiwan," Chen said. "But I'm not sure that Chinese hackers are sharing information with outsiders so much as they might be learning by watching."

Chen said that Chinese hackers are particularly adept with driver-based threats, perhaps base on the volume of device and component manufacturing that goes on in the massive nation.

Based on the unique characteristics of some Chinese malware programs, Chen said that Trend uses special "China patterns" to help sniff out attacks that emanate from the region.

Posted by Matt Hines on March 20, 2007 10:12 AM

RATE THIS ARTICLE: