Tales of a SophosLabs intern

Filed Under: Malware, SophosLabs, Spam

Julian BhardwajHello, I’m Julian, a student studying discrete mathematics at the University of Warwick, and I have been working as a SophosLabs intern for the last two months.

(In case you don't know, discrete mathematics is a fascinating discipline of mathematics and computer science, not a type of secret maths which is done in darkened rooms and not spoken of!)

I was offered this opportunity following my involvement in the Cyber Security Challenge UK - a series of online and face-to-face competitions provided by industry sponsors which aims to attract more talented people into the cyber security profession.

The Challenge was a wonderful opportunity to both experience and enjoy the competitions, as well as learn more about the rapidly expanding security industry and the big players within it. I have to admit, before competing in the Challenge I’d never heard of Sophos before!

Naked Security readers will be no stranger to the critical importance of good security in today’s society. Whether it be from targeted attacks against big corporations, or rampant zero-day exploits against home users, security (or lack of!) is a big concern to us all.

There are some very talented security experts who I have had the pleasure of working with here at Sophos, but the industry needs more people like these and that's why initiatives like the Cyber Security Challenge UK are so valuable.

Simply put, the days of spotty teenagers sitting in their rooms hacking for “for the lols” are over. Cyber criminals are now professional and business minded - now is the time for a new generation of upcoming professionals to join the fight against cybercrime. I’m still a spotty teenager, but I’m sitting in an office wearing a shirt and tie (well, the tie part was true for day one at least!).

Cyber Security ChallengePeople always ask me, how did you learn to hack? (Because *hacking* is the first thing that comes to mind when I try to explain my interests to friends.) The truth is, I had very little experience of computer security, hacking or otherwise, before my involvement with the Challenge and Sophos this year. Academic study (and curious Google searches) only gets you so far!

Besides, what most people consider as hacking is very different to what computer security actually entails. There are no legitimate jobs for “hackers” in the traditional sense.

So on arrival at Sophos on my first day, the main question at the forefront of my mind was “What do anti-virus companies actually do?!” So many of us rely on anti-virus to keep us safe online with little understanding of how this is actually accomplished.

After two months of attempting to contribute to this effort myself, I now really appreciate how hard it is. I am told that SophosLabs sees over 200,000 new malware samples every day. It gives me a headache just thinking about how many bytes of code that is to analyse before I even start to factor in the tsunami of spam messages the labs process each day!

I had previously imagined that spam would be a fairly easy problem to defeat with clever automation systems and had no idea of the continuous effort that's required by skilled analysts to keep this beast at bay! This has also shown me the importance of reminding friends and family of the danger spam can pose, as I’ve seen how effectively malware can be distributed through unsolicited emails.

SophosLabsI have spent a good deal of my time here looking at a growing threat on the malware horizon: ransomware. Specifically, I have been analysing a particular family of file-encrypting ransomware which poses quite a problem for anti-virus vendors. The outcome of this analysis shows that it is no longer feasible to provide decryption tools for victims of this plight, as the cryptography employed by these ransomware families is highly sophisticated.

By either using public key crypto, or by generating random symmetric keys and transmitting these to a remote command-and-control server, it is possible (and fairly easy) for malware to irreversibly encrypt users' documents, photos and music. This massively raises the stakes for Sophos and other vendors alike to detect and protect against these intimidating threats before the damage is done.

One approach would seem to be to redouble efforts to tackle the malware distribution networks, for example, by combating compromised websites that deliver drive-by download attacks.

Moreover, I feel that companies like Sophos need to refocus on developing behavioural analysis systems to be able to detect and block previously unseen malware based on what it is actually doing at runtime.

As the bad guys develop new tricks to ensnare their victims, the professionals fighting the plague of malware rise to the challenge.

The battle between malware authors and malware analysts continues, and I know which side I’d rather be on - the one with the steady paycheck and no chance of a jail sentence!

, , , , ,

You might like

6 Responses to Tales of a SophosLabs intern

  1. Nigel · 1127 days ago

    It's "different from", not "different to".

    Good article...and good luck in your career. You picked the right side.

    • Paul Ducklin · 1127 days ago

      My 2011 Oxford Dictionary of English (which came digitally with Mountain Lion) disagrees quite strongly with you:

      "_Different from_, _different than_, and _different to_: are there any distinctions between these three constructions, and is one more correct than the others? In practice, _different from_ is both the most common structure, both in British and US English, and the most accepted. _Different than_ is used chiefly in North America, although its use is increasing in British English... _Different to_ is common in Britain, but is disliked by traditionalists. The argument against it is based on the relation of _different_ to _differ_, which is used with _from_; but this is a flawed argument which is contradicted by other pairs of words such as _accord ( with)_ and _according ( to)_.

      My 1997 print edition of the ODE (the very first edition, when it was still called the New Oxford Dictionary of English) is equally clear that 'different from', 'different than' and 'different to' must all be considered unexceptional, and that all three are in use by respected writers.

      And with that minor matter out of the way...Julian did indeed pick the right side!

      • Nigel · 1126 days ago

        Apparently I'm a traditionallist. ;)

        I realize that this is an international forum, so I try to accommodate the differences in linguistic customs and idiosyncrasies. Evidently, "different to" is one of them. I stand corrected. Thanks, Paul!

  2. Mark · 1127 days ago

    Did work experience at Sophos last year in Core Products, can't wait to get back at some point!

  3. Jack Wilborn · 1126 days ago


    You posess one thing above the others that allow more intelligent people to operate within society and that is a quick mind that understands that jail sucks. If others were smarter there would be less of these attractks. Good work.

  4. tom wiseman · 1124 days ago

    please note: The Oxford Dictionary of English is a juvenile parvenu compared with its illustrious pre-genitor, the OED - THE Oxford English Dictionary. In all its manifestations, complete or pocket, the OED would never countenance anything other than 'from' as such would be, and is, semantically and linguistically illogical. My mother said so.
    So there

    - but despite this and other minor syntactical errors (still reprehensible but, owing to the rubbishy teaching of English grammar in English schools these days, rather prevalent) - this is pretty good writing that only needs minor sub-editing, is lucidity itself and a pleasure to read - a jolly good article and a jolly good attitude - so different from the cretins who defend (and probably practice) hacking, counterfeiting and simple fraud and can hardly string two words together let alone an intelligible sentence!

    best of luck and success in your endeavours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Julian Bhardwaj is currently a student at the University of Warwick studying for an undergraduate degree in Discrete Mathematics. As a self confessed crypto-geek, he has a passion for all things security related.