Defender

By Matt Windsor

Brian Tanner, a 2011 master’s graduate, is now working as an analyst at Sentar, a computer security firm.

What is your job like?

I do research and development focusing on malware analysis. I’m looking at ways to find the criminals who are sending it out.

cyberHow did you get started investigating Koobface?

In the summer of 2008, when I was still an undergraduate in the computer science program at UAB, I started doing malware analysis for Gary Warner. He would say, “Here’s some malware we received in the Data Mine today, and Agency X is really interested in it. When Koobface came on the scene in late 2008 I started investigating and I’d pass along my findings to Gary, who had contacts at Facebook’s security team. They told him, “This is really useful, send more!” So I did. When a new version of Koobface would come out I’d tell them, “It’s added this feature; it’s propagating in a new way, or they’re using a new tactic.” I also managed to find the e-mail addresses of some of the criminals who were sending it out.

How can you investigate viruses without infecting your own computer?

We use quarantined computers called “virtual machines” that allow us to run the virus without having it get out onto UAB’s network. Just like any science, having a safe lab environment is essential. In this case, the lab is on a computer.

How was the Koobface gang making its money?

They weren’t stealing bank account information. Instead, they were generating fake ad revenue by forcing infected computers to go to advertisers’ websites. They were also offering “crimeware”; they were renting their infected machines to other criminals who could put more malware on them.

Back to main story