Mikko Hypponen, an antivirus researcher at F-Secure, a computer security firm based in Finland, and his research team helped the FBI prevent the SoBig.F computer worm attack from being far worse than it was, The New York Times reports.
As Hypponen and his researchers worked with their initial sample of the virus, sent to them by a concerned customer, they discovered a list of Internet protocol addresses linked to home computers in the United States, Canada and South Korea that were apparently the unwitting transmitters of the virus.
As it turned out, they learned, SoBig.F was a veritable time bomb, set to use those 20 machines to send out malicious instructions to millions of computers at exactly 3 p.m. last Friday.
F-Secure officials contacted the Federal Bureau of Investigation, which quickly began the task of taking the computers offline in hopes of isolating the problem. With the help of Mr. Hypponen’s team and dozens of other researchers throughout the world, they were successful.
While the program had already begun wreaking havoc on some home computers and corporate computer systems, the damage could have been far worse.
Mr. Hypponen, the director of antivirus research at F-Secure, is widely considered one of the best antivirus researchers in the world. He is quick to point out that combating a major virus quickly becomes a joint effort of all those involved in antivirus research, regardless of their competitive position.
“There’s very fierce competition on the sales side, but on the technical side we share what we have,” he said. “The cooperation and communication is very open among the small group who are doing deep research.”
Mr. Hypponen said that in the 1980’s antivirus researchers felt they needed to guard their work for competitive reasons, but they quickly realized that secrecy caused disastrous delays. These days, the roughly 150 researchers around the world know that it is to everyone’s advantage to share code samples and information.