
I was prompted into crafting this post by a Scientific American blog post which stated that many experts in various scientific studies are sometimes “blinded” by — in fact — their focused studies of a particular subject, missing some of the finer aspects of the larger picture, so to speak.
This reminds me of the many efforts over the past five or so years to connect the dots on Eastern European cyber crime — something on which I have spent a great deal of time and effort, with reasonable success; Trend Micro customers are protected as a direct byproduct of this research.
Of course, this leads me to the reason for this post — there are certainly “gray areas” of cyber crime that we have yet to identify. It’s an ongoing research project, so to speak, and realistically it is a never-ending quest.
This is where I provide kudos to Dmitry Samosseiko of Sophos, for his excellent paper he presented at Virus Bulletin 2009 in Geneva, entitled “The PARTNERKA – What Is It and Why Should You Care?” [.pdf]
We’ve also been closely following these “partnerka” relationships, or affiliate programs, for several years — including “installs for cash” or “pay-per-install” programs that Dancho Danchev has written about on many occasions, and several other “business network” relationships between entities in Russia, The Ukraine, Estonia, and elsewhere in Eastern Europe.
The bottom line here is that there are very organized, sophisticated, and professional criminal organizations operating out of Eastern Europe, and Trend Micro researchers are very much engaged on this front.
It is a very shadowy, nefarious cyber crime landscape of fraud and theft, and it is not always as it appears on the surface — it requires much digging, verifying, connecting the dots, and other research that takes many hours, days, and even months. There is much that we still don’t know, and that holds true for everyone trying to expose these criminal enterprises.
But we’re on it.
My threat research group does “Threat Intelligence X” and “Threat Intelligence Y”, where “X” is the operational threats that exist now, and 15 minutes from now. Threat Intelligence “Y” is what we can expect to see in 6 months, a year, two years, etc., on the threat landscape.
And all of the threat landscape that exists now (and 15 minutes from now) is represented in the Trend Micro Smart Protection Network, which provides our customers protection against threats from three threat vectors — e-mail, web, and the malicious files themselves.
I’m very proud of our efforts here.
Paul Ferguson
Threat Research
October 7th, 2009 at 10:01 am
Anything your blog readers can do to help aid in your efforts?
How about reporting malicious URLs, active malware links, VTotal reports, etc., and maybe you can connect it to a particular cyber crime group?
October 21st, 2009 at 9:01 pm
Ha! Of course I knew this. I mean come on, this is common knowledge right?
October 21st, 2009 at 9:05 pm
Yep, I knew this long before this post. But I bet you don’t know that Fakeav is using Conficker as bait
October 27th, 2009 at 12:22 pm
What is the origin of the art at the top of this post?