It's true.

Think about everything it has brought us.

Think about all the services we use,

all the connectivity,

all the entertainment,

all the business, all the commerce.

And it's happening during our lifetimes.

I'm pretty sure that one day

we'll be writing history books

hundreds of years from now. This time

our generation will be remembered

as the generation that got online,

the generation

that built something really and truly global.

But yes, it's also true

that the Internet has problems, very serious problems,

problems with security

and problems with privacy.

I've spent my career

fighting these problems.

So let me show you something.

This here

is Brain.

This is a floppy disk

-- five and a quarter-inch floppy disk

infected by Brain.A.

It's the first virus we ever found

for PC computers.

And we actually know

where Brain came from.

We know because it says so

inside the code.

Let's take a look.

All right.

That's the boot sector of an infected floppy,

and if we take a closer look inside,

we'll see that right there,

it says, "Welcome to the dungeon."

And then it continues,

saying, 1986, Basit and Amjad.

And Basit and Amjad are first names,

Pakistani first names.

In fact, there's a phone number and an address in Pakistan.

(Laughter)

Now, 1986.

Now it's 2011.

That's 25 years ago.

The PC virus problem is 25 years old now.

So half a year ago,

I decided to go to Pakistan myself.

So let's see, here's a couple of photos I took while I was in Pakistan.

This is from the city of Lahore,

which is around 300 kilometers south

from Abbottabad, where Bin Laden was caught.

Here's a typical street view.

And here's the street or road leading to this building,

which is 730 Nizam block at Allama Iqbal Town.

And I knocked on the door.

(Laughter)

You want to guess who opened the door?

Basit and Amjad; they are still there.

(Laughter)

(Applause)

So here standing up is Basit.

Sitting down is his brother Amjad.

These are the guys who wrote the first PC virus.

Now of course, we had a very interesting discussion.

I asked them why.

I asked them how they feel about what they started.

And I got some sort of satisfaction

from learning that both Basit and Amjad

had had their computers infected dozens of times

by completely unrelated other viruses

over these years.

So there is some sort of justice

in the world after all.

Now, the viruses that we used to see

in the 1980s and 1990s

obviously are not a problem any more.

So let me just show you a couple of examples

of what they used to look like.

What I'm running here

is a system that enables me

to run age-old programs on a modern computer.

So let me just mount some drives. Go over there.

What we have here is a list of old viruses.

So let me just run some viruses on my computer.

For example,

let's go with the Centipede virus first.

And you can see at the top of the screen,

there's a centipede scrolling across your computer

when you get infected by this one.

You know that you're infected

because it actually shows up.

Here's another one. This is the virus called Crash,

invented in Russia in 1992.

Let me show you one which actually makes some sound.

(Siren noise)

And the last example,

guess what the Walker virus does?

Yes, there's a guy walking across your screen

once you get infected.

So it used to be fairly easy to know

that you're infected by a virus,

when the viruses were written by hobbyists

and teenagers.

Today, they are no longer being written

by hobbyists and teenagers.

Today, viruses are a global problem.

What we have here in the background

is an example of our systems that we run in our labs,

where we track virus infections worldwide.

So we can actually see in real time

that we've just blocked viruses in Sweden and Taiwan

and Russia and elsewhere.

In fact, if I just connect back to our lab systems

through the Web,

we can see in real time

just some kind of idea of how many viruses,

how many new examples of malware we find every single day.

Here's the latest virus we've found,

in a file called Server.exe.

And we found it right over here three seconds ago --

the previous one, six seconds ago.

And if we just scroll around,

it's just massive.

We find tens of thousands, even hundreds of thousands.

And that's the last 20 minutes of malware

every single day.

So where are all these coming from then?

Well today, it's the organized criminal gangs

writing these viruses

because they make money with their viruses.

It's gangs like --

let's go to GangstaBucks.com.

This is a website operating in Moscow

where these guys are buying infected computers.

So if you are a virus writer

and you're capable of infecting Windows computers,

but you don't know what to do with them,

you can sell those infected computers --

somebody else's computers -- to these guys.

And they'll actually pay you money for those computers.

So how do these guys then monetize

those infected computers?

Well there's multiple different ways,

such as banking trojans, which will steal money from your online banking accounts

when you do online banking,

or keyloggers.

Keyloggers silently sit on your computer, hidden from view,

and they record everything you type.

So you're sitting on your computer and you're doing Google searches.

Every single Google search you type

is saved and sent to the criminals.

Every single email you write is saved and sent to the criminals.

Same thing with every single password and so on.

But the thing that they're actually looking for most

are sessions where you go online

and do online purchases in any online store.

Because when you do purchases in online stores,

you will be typing in your name, the delivery address,

your credit card number and the credit card security codes.

And here's an example of a file

we found from a server a couple of weeks ago.

That's the credit card number,

that's the expiration date, that's the security code,

and that's the name of the owner of the card.

Once you gain access to other people's credit card information,

you can just go online and buy whatever you want

with this information.

And that, obviously, is a problem.

We now have a whole underground marketplace

and business ecosystem

built around online crime.

One example of how these guys

actually are capable of monetizing their operations:

we go and have a look at the pages of INTERPOL

and search for wanted persons.

We find guys like Bjorn Sundin, originally from Sweden,

and his partner in crime,

also listed on the INTERPOL wanted pages,

Mr. Shaileshkumar Jain,

a U.S. citizen.

These guys were running an operation called I.M.U.,

a cybercrime operation through which they netted millions.

They are both right now on the run.

Nobody knows where they are.

U.S. officials, just a couple of weeks ago,

froze a Swiss bank account

belonging to Mr. Jain,

and that bank account had 14.9 million U.S. dollars on it.

So the amount of money online crime generates

is significant.

And that means that the online criminals

can actually afford to invest into their attacks.

We know that online criminals

are hiring programmers, hiring testing people,

testing their code,

having back-end systems with SQL databases.

And they can afford to watch how we work --

like how security people work --

and try to work their way around

any security precautions we can build.

They also use the global nature of Internet

to their advantage.

I mean, the Internet is international.

That's why we call it the Internet.

And if you just go and take a look

at what's happening in the online world,

here's a video built by Clarified Networks,

which illustrates how one single malware family is able to move around the world.

This operation, believed to be originally from Estonia,

moves around from one country to another

as soon as the website is tried to shut down.

So you just can't shut these guys down.

They will switch from one country to another,

from one jurisdiction to another --

moving around the world,

using the fact that we don't have the capability

to globally police operations like this.

So the Internet is as if

someone would have given free plane tickets

to all the online criminals of the world.

Now, criminals who weren't capable of reaching us before

can reach us.

So how do you actually go around finding online criminals?

How do you actually track them down?

Let me give you an example.

What we have here is one exploit file.

Here, I'm looking at the Hex dump of an image file,

which contains an exploit.

And that basically means, if you're trying to view this image file on your Windows computer,

it actually takes over your computer and runs code.

Now, if you'll take a look at this image file --

well there's the image header,

and there the actual code of the attack starts.

And that code has been encrypted,

so let's decrypt it.

It has been encrypted with XOR function 97.

You just have to believe me,

it is, it is.

And we can go here

and actually start decrypting it.

Well the yellow part of the code is now decrypted.

And I know, it doesn't really look much different from the original.

But just keep staring at it.

You'll actually see that down here

you can see a Web address:

unionseek.com/d/ioo.exe

And when you view this image on your computer

it actually is going to download and run that program.

And that's a backdoor which will take over your computer.

But even more interestingly,

if we continue decrypting,

we'll find this mysterious string,

which says O600KO78RUS.

That code is there underneath the encryption

as some sort of a signature.

It's not used for anything.

And I was looking at that, trying to figure out what it means.

So obviously I Googled for it.