Al Huger, a well-known Canadian “”weatherman for cyber storms”” thrives on being a virus hunter — and has a few tales to tell about the life he leads.
His most memorable moment came when CodeRed broke out. “”The breakout of CodeRed was probably the most exciting point in my career at Symantec
because we had just built the threat management system previously (in its beta trials) and it worked. It was proof positive that what we’d spent the last two years building was real — and that’s a tremendous feeling.””
Huger, who entered the Internet security realm in 1996, manages Symantec’s early warning solutions at the company’s Security Response product development centre in Calgary. The post is noteworthy because it’s a Canadian effort, he says.
His tools to fight the storms? The company’s DeepSight Threat Management System and the DeepSight Alert Services. Huger says the tools are similar to a weather tracking system, which let companies brace for incoming threats.
What led him to be a virus hunter for Symantec? His enterpreneurial skills, Huger says. He sold his own start-up company SecurityFocus, a provider of enterprise threat management, to Symantec in August 2002. He then joined Symantec, along with his 51 employees, and is now the senior director of development.
Huger says he is always on the lookout for security trouble. Indeed, Huger, along with his staff, must be on a contant vigil to fight the good fight. “”When a worm breaks out staff can be expected to work shifts anywhere from 16 to 24 hours because they can’t stop working . . . And when you have an event where three worms break out at the same time, it makes for incredibly high stress.””
And there’s lots to worry about. Over a seven-day period, “”we see something in the area of 98 million events worldwide which we consider to be malicious attacks . . . and over the last 18 months, we’ve seen about 5.6 billion.”” The top problem is remnant activity from worms. “”We just saw Blaster come out. We will be seeing Blaster for months, if not years. It and CodeRed and Slammer are the top three — and they are all old worms, but they create a huge storm.””
And while there’s no zen water fountains to help staff keep the stress at bay, he says a free pop giveaway policy at the company certainly helps.
“”The primary goal of people here is to watch for trends that are breaking out on the Internet — and they do this by watching a series of data sets that are provided to them by our system. It culls through massive amounts of data (something like 600 thousand files a day are calculated).”” Finding out about the problems before they get put into a worm (using a vulnerability alerting system), is the key to prevention, he says. A profile can then be built, uncovering how it can be found; what traces it will leave; how it can be easily identified early. “”That’s the key to our success.””
Huger says a few significant trends have recently emerged.
“”We’re seeing huge outbreaks, multiple outbreaks, of attacks (including Sobig and Blaster) that are all hapening at the same time.””
The second big trend, he says, is now more than ever specific industries are targeted (such as the financial market) by large-scale viruses such as BugBear. “”Part of its code-base was specific to financial services. It affected banks and went and stole all of their remote access passwords and let them out on the Internet.””