Gossip and chit-chat echo [104 / 458]
From: Roger Nelson
To: All
Subject: Interview with a malware hunter: Pieter Arntz
Date/Time: June 6, 2017 7:34 AM

 Interview with a malware hunter: Pieter Arntz
 
Posted: June 5, 2017 by Wendy Zamora
Last updated: June 2, 2017
 
Welcome to our new series: interview with a malware hunter. In these Q&A
sessions, we'll take you behind the scenes to get to know our malware
intelligence crew. Without further ado, we present our first victim,
researcher, and blogger Pieter Arntz.
 
Where are you from? Are you still there now?
 
I'm from the Netherlands. I'm there now, yes.
 
You speak four languages. What are they? How did you learn them?
 
I speak Dutch, German, English, and French. We got the basics at school and I
lived in London for a time and a place near Hamburg, Germany, as well. France
was a favorite vacation spot for me, so that's how I kept up to level.
 
How did you get into cybersecurity?
 
I started participating in the forums a long time ago, helping people who had
computer problems. Because of the people I met in the forums - Marcin, Doug,
Bruce, Mieke [Malwarebytes company founders] - I got interested in malware,
specifically adware and spyware. They were looking for someone to write removal
guides on the forums. I volunteered, so that's how I ended up in
cybersecurity, working for Malwarebytes.
 
Did you major in computer science? How did you know how to help people with
malware problems?
 
I studied it a long time ago at University, so I had to have some basic
knowledge of code. I actually got my bachelor's in geodesy, so we had to use a
lot of computer programs of our own making to put in all the data.
 
How long have you been a cybersecurity researcher?
 
Professionally, seven and a half years. I started doing it as a hobby 18 years
ago.
 
When did you join the Malwarebytes team? What made you join?
 
November 2009 is when I joined. I watched this company grow enormously, and I
liked the people that worked here. It gave me a lot of freedom, and it made my
hobby into my work, so what else can you want?
 
What makes you stay? What do you like about this line of work?
 
I keep on learning. It doesn't get boring, there's always something new. That's
what keeps me going. The people I work with, like Adam [Kujawa, Director of
Malware Intelligence] and Jérôme [Segura, Malware Intelligence Analyst], know
so much that I don't know, so I'm always trying to pick their minds.
 
What area of cybersecurity research do you focus on? Why this area?
 
I specialize in adware. It's the easiest to understand for me. It's like a
puzzle I can work out. When I started, there were people who were spreading
viruses just to make a name for themselves. Now we have to deal with hardened
criminals. With the money angle in mind, there is a motive to what they do. And
adware is what the majority of people have to deal with nowadays.
 
What's the most interesting/impactful discovery you've made as a researcher?
 
I think it was Vonteera, an adware that marked certificates for security
programs as untrustworthy. Because of that, people who were infected couldn't
download security programs. I was the first person to find out how they did
that. I posted the results on the blog and wrote a fix for it. After that, the
adware disappeared a few days later.
 
What's the biggest cybersecurity "fail" you've witnessed?
 
My previous employer had a synchronized backup to back up the system every
hour. When they got a virus infection, they didn't notice for a week, so all
the infected files got written to the backup. So they lost a week's worth of
work. I was very glad I didn't work in IT there!
 
Talk to me about a day in the life of a researcher. How do you conduct your
research?
 
I start with looking at forums and see if there are any new things that people
are complaining about or having problems removing. I try finding an installer
for it using programs such as Cosmos and VirusTotal. If I can't find it
anywhere, I reach out to the users who are complaining and get the infected
file from them. Then I look to see if I should write about it - especially if it
requires additional user interaction or if it is hard to recognize the
infection. Then I check Twitter and Facebook to see if there are any other new
trends I need to write about. If I find something that Malwarebytes does not
tackle, I let the research team know.
 
What tips you off that something might be malicious?
 
I usually can guess if something is malicious by the way it acts and the way
it's presented. If it talks like a duck and walks like a duck, it's probably a
duck. You always can tell if a program has something to hide.
 
When an outbreak like the recent WannaCry ransomware attack occurs, how does
that impact your work?
 
I was tipped off about WannaCry when I noticed on Twitter that a lot of
companies were complaining. People in England were being sent home from the
hospital. Alarm bells started to ring. By the time I found out what was really
going on, the other researchers in America were online and together we came up
with a plan. When we found the sample, everything else stopped, especially
since we knew our premium products already protected our customers. Zammis [one
of our researchers] started working on reverse-engineering right away. We had
to get that information out there so other people could be safe.
 
What kind of skills does a person need to be a malware intelligence researcher?
 
You have to be able to follow tracks. Finding the sources of the malware is the
biggest part, really. You need logical thinking and enough understanding of
coding to be able to decipher the raw elements. A big part of tracking
malicious programs down is understanding the money flow, the business model. If
they offer something for free that promises everything you ever wanted, and
there is no catch, no improved version to purchase later on, how do they make
their money?
 
What advice do you have for people who want to break into the field?
 
If you really want to make a difference, then try to learn reverse engineering
or hacking. If you're a good reverse engineer, you can work for any company you
like.
 
 
Regards,
 
Roger

--- PQUSA
 * Origin: NCS BBS - Houma, LoUiSiAna (1:3828/7)