In memoriam: Péter Ször 1970-2013


Helen Martin

Virus Bulletin, UK
Editor: Helen Martin


The untimely death of security researcher Péter Ször sent shockwaves across anti-malware community last month. Some of those who knew him best pay tribute to a brilliant mind and a true gentleman.

We were shocked and saddened to learn of the sudden and unexpected death last month of security researcher and VB advisory board member Péter Ször.

One of the anti-malware industry’s brightest minds, Péter contributed almost 40 articles to Virus Bulletin over the years, spoke at several VB conferences and served for more than ten years on the VB advisory board, always eager to help where he could and provide advice and support.

We offer our sincere condolences to Péter’s family and friends – he will be remembered by the VB team with great fondness and respect.

In the following, two of Péter’s many friends and colleagues, Mikko Hyppönen and Vincent Weafer, share some of their memories of a remarkable man.

Mikko Hyppönen:

‘I hired Péter to join Data Fellows in late 1995, and he moved from Budapest to Helsinki in January 1996 – the middle of winter. He wasn’t used to the large volumes of snow and the very low temperatures that are an everyday part of the Finnish winter. He was so happy when spring finally came around and the snow melted in April, but after just two weeks of sunshine, temperatures dropped, there was a sudden snowstorm and everything was blanketed in snow again. Péter arrived at the office, confused. We asked him if he had enjoyed our typically short Finnish summer. There was a look of sheer horror in his eyes – until he realized we were joking!

‘Péter was at the heart of what was then our very small virus lab. He built the foundations of the scanning engines that we used for many years to come.

‘Péter and I would spend endless nights analysing early MS DOS viruses, and when we ran out of viruses, we would install the IPX networking stack to our PCs so we could play DOOM. Our office also had a Twilight Zone pinball machine and a Stargate arcade video game. Péter always made a point of making sure his name was on the high score boards of both – although he never quite managed to beat the Stargate score of our CEO Risto Siilasmaa.

‘Péter married his high-school sweetheart, Natalia, in 1998. Just a few months later, Natalia suffered a stroke. Péter’s love and support were instrumental in her full recovery. Their son, Daniel, was born in 2005. Peter was planning on teaching Daniel programming soon. Unfortunately this never happened.

‘Péter left Helsinki to join Symantec in the warmer climes of California in 1999. Later, he worked for start-up firm Ziften in Austin, TX, before joining McAfee in 2011. Péter married his second wife, Linda, in 2012.

‘Péter was a world-class virus analyst. He performed low level analysis of the most complex malware we’ve ever seen, including Zmist and Duqu. His seminal 2005 book Art of Computer Virus Research and Defense is still mandatory reading material in several University courses.

‘Péter will be greatly missed by a large group of friends, his wife Linda, and his eight-year-old son Daniel.’

Vincent Weafer:

‘The security industry has lost one of the pioneers of anti malware research with the very sad and untimely death of Péter Ször. For me, the loss is far deeper and more personal than this simple statement can convey, as over the many years that we worked together, Péter became a true friend and collaborator.

‘From the very first time we met on a very cold winter’s night in Helsinki, to our numerous lunch meetings in Santa Monica, and our most recent discussions on digital trust, Péter repeatedly enthralled and engaged me with his depth of technical understanding, his vision for the industry, and most of all his passion and humility. When Péter was engaged in a piece of research, it consumed him. He would drive all of his projects with great passion and energy and nothing thrilled (and scared!) him more than having his research presented to his peers or to key customers and partners. He was especially thrilled when he was asked to present at industry events such as VB, CARO and AVAR.

‘One day in 1999, I remember walking into Péter’s office to find him pounding the keyboard on his desk. I slowly and calmly asked him what he was doing and he explained that he had estimated that the best time to interrupt an old Windows virus hooking the keyboard driver was 200ms after a certain event, and he had timed his pounding to hit the exact timing to generate the interrupt. After a few minutes of this bizarre exercise, it worked and Péter successfully trapped and traced the virus behaviour. I’m sure he could have figured out many other ways to intercept the virus, but this sure seemed like the most fun.

‘Péter’s career was very distinguished and he delivered many firsts in the industry: he was the creator of one of the industry’s first anti-virus products, Pasteur Anti-Virus, Lead Virus Researcher and Engine Developer at F-Secure, Distinguished Engineer at Symantec – where he filed over 45 patents – and most recently Senior Director Technology at McAfee, where he led research on complex threats and digital trust. Péter was a prolific researcher, author, surfer and educator, and he held more than 39 patents on computer security and anti virus research.

‘In light of these great achievements, it comes as no surprise that phrases that have repeatedly come to the fore in describing Péter are “a brilliant mind”, “very smart”, and in reference to his death, “what a great loss to the industry”. What is more striking is how many times people use the words “humble”, “sensitive” and “very caring” to describe him. The many people that Péter took the time to mentor will certainly attest to his possession of those qualities – everyone came away from his mentoring sessions feeling as if Péter had spent time honing his skills just to teach them. It didn’t matter whether you were a seasoned researcher or a newbie to the industry, Péter showed the same level of care and patience to all as he walked through the materials. It is fitting that one of his last tasks was to complete an online training session for McAfee employees on malware research.

‘His many friends and colleagues in the industry will miss Péter very much. The industry and his friends are better off for having known him.’

Memorial service

Péter was buried at a private funeral in his native Hungary and a memorial was held in California in TeWinkle Park, Costa Mesa. Jeannette Jarvis attended: ‘It was a lovely (however sad) memorial attended by people from all aspects of Péter’s life – industry, surfing, music, neighbours, family – many of whom addressed the group to share their memories of him.

‘It is evident that Peter was important to and touched very many people. The common theme was how brilliant yet humble he was. How he would reach out and help anyone, any time. He was a patient teacher no matter whether he was discussing malware or showing someone how to surf. He thought deeply about a lot of things, but also had a youthful enthusiasm that was contagious. Time and again it was mentioned how important his body of work is for the security industry, and how it will live on for many years to come.

‘While his life was short, it was deeply lived. He will be missed by so many.’

A lasting memory

As a way of celebrating Péter’s life and work on an ongoing basis, we will soon be announcing details of the ‘Péter Ször Award’, which we plan to award annually at the VB conference to an individual who has made an exceptional contribution to the security industry. The conditions and criteria for the award will be announced in due course. (With thanks to Luis Corrons for the suggestion.)

An online memorial page has been set up by Péter’s friends and family at:



Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.