We’ve met some interesting people here at CeBIT so far this year. But no one has had a better story to tell than F-Secure’s chief research officer, Mikko Hyppönen. He’s been working alongside security services all over Europe and is today flying to the UK to meet with Scotland Yard (HQ of the metropolitan police) to discuss new cases of cyber-crime.

The stories he tells are truly frightening. And despite having worked with viruses for over 17 years, Hyppönen says that even he is constantly surprised by how ingenious cyber-criminals are becoming.

Advanced criminal attacks

“I’ve been working with viruses since 1991 and since then we’ve seen big changes,” Hyppönen told TechRadar. “I think the biggest change is criminal elements entering the picture. We’re now seeing much more advanced attacks than we were expecting.

“For example we were last week analysing a series of banking Trojans which infect the user’s PC when they surf a web page by using exploits. And what it does is it writes a modified boot sector to your hard disc.

“Now first of all, writing to the boot sector on a hard drive from within Windows is supposed to be absolutely impossible, but that’s what it does. And it replaces the very first sector on your hard drive with a modified version.

So next time you reboot the computer the very first thing you run – before Windows – is the malware. It loads itself into the memory and then continues to boot the machine normally.

Online banking

“And after that when you go and do online banking and you type in account numbers where you want to save money to, it changes the numbers you type.

“So you type the number of say your electricity bill company, and it changes it to another account number which of course goes to the criminals. But it doesn’t show up on your screen – whatever you type looks fine but from the bank’s point of view, you’ve typed a different number. The money ends up going to the wrong people: the hackers.”

Hyppönen said that the most impressive part of it is that even if you’re running an anti-virus system, it can’t see any of this happening.