Why Antivirus Software Didn't Save The New York Times From Hackers

In this Oct. 18, 2011 photo, traffic passes the New York Times building, Tuesday, in New York. The New York Times Co. stock rose sharply on Thursday, July 26, 2012 after the media company reported that second-quarter revenue increased more than expected. (AP Photo/Mark Lennihan)

There is a booming industry that sells computer security products to consumers and businesses. But antivirus companies have a problem: Their software often can't prevent hackers from breaking into your computer and snooping around.

The New York Times was the latest victim to discover the limitations of antivirus software. The Times revealed Wednesday night that Chinese hackers had gained entry into its computer network for four months in hopes of identifying a reporter's sources for an investigation into the business dealings of relatives of China's prime minister.

The Times' antivirus vendor, Symantec, did little to stop the hackers, the paper said. Of the 45 different kinds of malicious software -- or malware -- the hackers used in their attack, Symantec detected only one.

The finding raises questions about the effectiveness of the $7.4 billion antivirus industry. Experts say antivirus software is failing to keep pace with the innovative methods used by sophisticated hackers like those from China.

Traditional antivirus software relies on a list of "signatures" to identify and stop known viruses. But today's hackers are creating new malware faster than vendors can list it. AV-Test, a German research institute that tests antivirus products, says more than 100,000 new kinds of viruses are created every day.

Hackers also use websites like VirusTotal to test their attacks, ensuring new viruses go unnoticed by current antivirus products. That is why many cybersecurity professionals don't use antivirus software on their own computers -- the pace of innovation for new malware moves too quickly.

Last year, the security firm Imperva found antivirus software detected only 5 percent of newly created viruses. Some antivirus companies can take up to four weeks to detect a new virus. Often, the most effective software is available for free from companies like Avast and Emsisoft, according to the study by Imperva, which is also in the business of selling security solutions.

"Most capable hackers can bypass virus scanners," said Tom Kellermann, vice president of cybersecurity for Trend Micro, a cybersecurity company. "Antivirus is not the solution to these types of attacks."

Symantec said Thursday the company also offers sophisticated security software to thwart "advanced attacks" like those against The Times.

"We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security," a Symantec spokeswoman said. "Antivirus software alone is not enough."

The hackers who targeted The Times may have used a technique called "spear phishing," in which they send targeted emails that appear to be from a trusted source. When the victim opens a link or attachment, the hackers install malicious software -- known as malware -- onto their computer to steal documents, log keystrokes, or collect usernames and passwords.

Many of the most sophisticated cyber attacks against U.S. companies come from hackers employed by the Chinese government, experts say. Industry experts say Chinese hackers typically research their targets to find out who has access to the documents they want and then use a variety of methods to infiltrate their network. Chinese officials have repeatedly denied sponsoring hackers.

But it's not just media outlets or Fortune 500 companies with valuable intellectual property who are in hackers' crosshairs. Increasingly, small businesses are being targeted by hackers because they can't afford more advanced computer security.

Experts say there is no foolproof solution, but the computer security industry says its new line of products -- called "advanced threat protection" -- is better equipped to catch Chinese cyber-spies and other hackers.

Some companies, like Bit9, offer what is called "white-listing," which only allows good files onto computer networks, instead of trying to block the bad ones. Others plant fake data on a company's servers to trick hackers and frustrate them into giving up. Kellermann calls it "building a better prison rather than building a better fortress."

"These tools will help you, but there's no such thing as a silver bullet," said Paul Carugati, a security expert for Motorola Solutions. "That's why we need to be innovating more and get ahead of the constant-changing nature of these threats."
