Government Agency Highlights Norman Cyber Security Assistance in Disabling Large, Multinational Malicious Software Organization

London – Nov. 15, 2010 – The Dutch National High Tech Crime Unit (NHTCU), a cyber-division of the police (KLPD), in a presentation at the GOVCERT.NL Symposium, today recognized Norman ASA’s forensic contributions in assisting multinational police agencies in monitoring and disabling large, multinational cybercrime botnets.

A botnet is a network of computers that can number more than a million nodes, where the computers are infected with malicious software and are controlled by one or more Command and Control servers. This network can instruct computers in the botnet to engage in cyber criminal activities such as denial of service, sending spam, stealing passwords, and stealing private personal data and financial information. Additionally, many botnets are associated with Command and Control servers specialized in spamming to sell fake pharmaceuticals, counterfeit medicines, fake dating services and pornography – primarily to capture legitimate credit card numbers for later criminal use.

The Taurus Botnet Monitoring project coordinated by the government agencies was detailed in a presentation at the symposium. Government officials recognized Norman’s contribution in assisting police agencies in taking down the botnets.  Norman made available to authorities its full Botnet Database, a collection of detailed botnet information that is updated 24×7, containing information to access the Command and Control servers and botnet channels. The Norman Botnet Database was put into a special tool that is able to monitor all the different botnets and collect commands send by the Command and Control servers to the affected systems.

“One of the most important strategies of the Dutch National High Tech Crime Units at this moment is cooperating with the private sector,” said Marijn P.M. Schuurbiers, Senior Advisor & Project Leader of the Taurus project. “We have goals that overlap, but each party has their own skills or powers. Norman has a huge amount of malware data and related intelligence, we have legal powers to intercept related entities, and in the end arrest involved suspects. Combining these skills and powers offer the best possibilities to combat cybercrime. The input from the Taurus Project’s participants in the form of malware samples, expertise and intelligence, has been of vital importance. We were very pleased that cooperation with Norman worked out so well. And hopefully, this cooperation will get a follow-up.”

“Over the past decade Norman has been recognized as the global leader in developing forensic technology capabilities,” said Stale Ekelund, Norman Chief Technology Officer. “This core competency in complex malware forensics enables us to play an important role in uncovering botnets used for criminal activities.”

Norman is the leader in malware analysis through its Norman SandBox portfolio of tools, including SandBox® Analyzer, Norman SandBox® Reporter, Norman SandBox® Analyzer Pro and Norman SandBox® Online Analyzer.  In October Norman’s SandBox technologies were recognized at the prestigious VB2010 security conference as the most innovative security idea in the past decade.

“Norman was honored to be a major participant in this critical international effort to disable these botnets – actions that will make the cyber world safer,” said Righard Zwienenberg, Norman’s Chief Research Officer.  “Norman has a long history of working closely with investigative, police and intelligence agencies around the world to help them monitor cyber criminal activity.”

In addition, military, educational institutions, financial institutions and large enterprises also rely on Norman SandBox technology to automate the analysis of large volumes of malware. Manual analysis that takes days or even weeks can be done in hours and even minutes using SandBox technology.

For more information about Norman malware analysis capabilities and other endpoint and network security solutions, please visit

For additional information about Norman’s role in the Taurus project, please visit the updated Security Blog in the SandBox Security Center at