Customer Power and AV Wannabes · Chapter 1

Anti-virus Company Analysts

AV company analysts have, in a sense, one of the most important yet least recognized jobs in our industry. Very often, they sit in their employers' laboratories and reverse-engineer viruses day after day, with little recognition coming their way. Their work allows the product developers to add the needed definitions (search strings or, popularly but not altogether accurately, signatures) to keep their virus scanning products current. These folks seem to move around a lot, and if they are particularly sharp they don't spend too long analyzing code at this level, but usually end up in more exciting technical areas like R&D. Nonetheless, this form of analysis is very important, though not particularly glamorous, and not necessarily well paid. It allows the individual to get a good foundation in the inner workings of what makes the malicious code work. Many of the big names in our industry still keep their skills honed by reverse engineering and analyzing source code.

Independent Researchers

Independent researchers are not tied to any particular company, though they may work with or for security vendors on some sort of ad hoc basis. They often perform many of the same tasks as the individuals who work for the AV companies. The primary difference is that they don't do it because they have to, but because they have a passion for the security field and enjoy the work. Padgett Peterson is probably one of the most respected individuals to fall into this category. He has written many programs that deal with viruses, including a generic AV program and Macrolist, an excellent tool that addressed the problem of macro viruses when they first became a significant problem. Other notables in this category include Richard Ford, Eddy Willems, and Nick FitzGerald.
Technical and Psychological Analysts

As we began to understand the virus threat and develop solutions to counter it, we tried to figure out what type of individual writes viruses. Sarah Gordon became the most widely recognized expert in profiling virus writers as a result of her analyses of the technological and psychological factors that influence virus writing. For many years she has interviewed virus writers via e-mail and telephone. No one can deny the valuable insights and information that have been provided to us because of Sarah's efforts. As a direct result of her research and that of those who followed her, we learned a great deal about the types of person who wrote viruses, as well as the victims. These insights into the Virus Exchange (vx) community have helped us to be a little more proactive in an otherwise reactive industry. However, as the balance has shifted away from the hobbyist virus writer to "for profit" malware authors (this shift is also reflected in the decline in virus numbers in proportion to other forms of malicious software), our perception of who's who and who does what in malware authoring and dissemination has also changed.