Malware – Can we stop this crime?

David Kennedy
Director of Eurescom
kennedy@eurescom.eu

I have recently experienced a malware attack on our home PC. I know I am not alone in this, as recent EU statistics show that more than 30 percent of us have had similar experiences. However, this was personal – they were in our family computer! One of my teenage daughters was confused by a trick question in a Windows-like box and, by clicking “No” to an obtuse question, she managed to initiate an attack from “Spyware Protector”.

Now this scam is nasty. It is so clever that it bypasses your virus checker and actively prevents you from running system tools. It disables a surprising number of support functions, generates false virus reports, and does not even allow you to delete it. Then it pretends to be a real spyware/virus removal programme and uses very persuasive, professional-looking screens to ask you to pay money if you want to remove the viruses.

I was angry at this programme taking control of my PC and demanding money to give it back. The same thing happened to my parents’ PC in Ireland, and they simply stopped using their computer as they did not know what to do. This is clearly wrong.

If I was to stop you in the street and tell you that you can’t proceed unless you pay me money, you would be the first to call the police and have me arrested for blackmail, intimidation, assault with menace and demanding money. And the police would probably agree and lock me up.

However, if I occupy your computing resources and demand money to release them, you immediately tend to think in terms of virus checkers, malware removal and other remedial actions as if the user is at fault. But are we missing something? What else can we do?

We can look at the real world for advice: Germany has a rule on letter boxes that makes it clear that when the owner has a sign saying “No advertisements”, you are not allowed to put ads in there. Germany introduced a similar law with high penalties for phone calls from cold callers pushing unwanted contracts on people. There are rules for the Internet, but it is not clear if they are enforceable, and they vary from country to country.

What we should do

The first thing is to try and step out of our current PC/Internet conditioning. Right now if your computer and Internet connection do not work, you set about repairing it on the basis there is a fault in the complex set of programmes and functions in your machine. However, in the case of malware, there is no fault. A third party is taking control of your assets.

Normally we describe this as stealing and call the police. So why do we not think of calling the police about malware? I managed, with some difficulty, to find the web site where the German police invite us to report such malicious behaviour. Even then I hesitated, as I did not know what the consequences of this would be. What if they want my computer for evidence? Will the law then deprive me of the use of my computer in the interest of securing evidence, just as the malware did trying to extort money?

So to overcome these problems, we have to take two types of action:

1. The first is to recognise the crimes.
Who has ever reported a virus or malware attack to the police and what will the police do? Should we report every such attack? Yes! And the more people report incidents, the sooner such things can be policed. The laws need to be tested in court.

2. The second is to have laws that can act without making things worse for the victims.

Evidence should be simple to obtain – certified scan results should be sufficient for prosecution. The “Software Protector” type guys should be liable to high fines for each attempted forced sale under European law. Europe should have rules for following such criminals outside of Europe too, so they cannot hide.

Come on Europe, protect the citizens with simple rules that encourage reporting of these crimes! An alternative is that we stop using the open Internet and divide it into safe walled gardens where we only communicate with those we know and trust, but this will kill Internet freedom quicker than any net neutrality debate.

Conclusion

We need to increase our recognition of, and reaction to, cyber crime – it is not only criminal when they steal your money or your identity; it is also criminal when they use malware to damage your property and steal your time.

P.S. I did manage to get “Spyware Protector” out of my computer without paying the ransom – but I haven’t reported it to the police yet!
