The news that a husband and wife are to get jail time in Israel for creating and distributing malware sounds like the latest example of criminals getting their just deserts.
The story has greater significance than that.
Cast back to the discovery last spring of what the pair had been up to, a story that got remarkably little coverage despite being the first public example of a highly targeted information-theft Trojan that did real damage.
That the Trojan, created by one Michael Haephrati and his wife Ruth Brier-Haephrati, managed to steal tens of thousands of confidential documents from a variety of sizeable Israeli companies was striking enough. That it had been bought from his representatives by legitimate companies in the country in order to spy on rivals was even more remarkable. That made it more than malware malevolence; it made it a national scandal.
It now looks as if the pair will get four years in prison, plus various fines.
The Haephratis were probably not the first people to write and distribute a Trojan as clever as this, and the security world has now taken on board that they will not be the last. In this context, "targeted" means malware written almost to order, capable of being used to subvert the security of one specific company. It appears that it got inside some of the best-defended companies in the world by the simple route of mailing CDs to named employees under the cover of a business proposition.
Everybody assumed that malware would come in through the firewall, not through the post room, and so it succeeded on a frightening scale: a CD handed to a named employee bypasses the perimeter entirely, and anything that employee chooses to run on a workstation runs with that employee's access.
Since then, we've seen a number of similarly targeted attacks reach the ears of the media. They can be aimed at businesses, organisations, governments and, of course, named individuals. Did anyone see such a thing coming? Did they heck.
The lesson of the Israeli Trojan writers is simple if disconcerting: attackers are no longer necessarily out to get computer users in general; they can now set out to attack only you or the company you work for. Assuming that sort of attack becomes more common in the years to come, how can it be defended against?
If the malware is sent to only a few people amidst the millions of possible targets, and if it hides itself effectively, then how can the companies whose job it is to sell protection ever detect and remove it before it has done its work? Signature-based anti-virus depends on a sample having been seen somewhere else first; a Trojan built for a single victim may never be.