In memoriam: Péter Ször 1970-2013


Helen Martin

Virus Bulletin, UK
Editor: Helen Martin


The untimely death of security researcher Péter Ször sent shockwaves across anti-malware community last month. Some of those who knew him best pay tribute to a brilliant mind and a true gentleman.

We were shocked and saddened to learn of the sudden and unexpected death last month of security researcher and VB advisory board member Péter Ször.

One of the anti-malware industry’s brightest minds, Péter contributed almost 40 articles to Virus Bulletin over the years, spoke at several VB conferences and served for more than ten years on the VB advisory board, always eager to help where he could and provide advice and support.

We offer our sincere condolences to Péter’s family and friends – he will be remembered by the VB team with great fondness and respect.

In the following, two of Péter’s many friends and colleagues, Mikko Hyppönen and Vincent Weafer, share some of their memories of a remarkable man.

Mikko Hyppönen:

‘I hired Péter to join Data Fellows in late 1995, and he moved from Budapest to Helsinki in January 1996 – the middle of winter. He wasn’t used to the large volumes of snow and the very low temperatures that are an everyday part of the Finnish winter. He was so happy when spring finally came around and the snow melted in April, but after just two weeks of sunshine, temperatures dropped, there was a sudden snowstorm and everything was blanketed in snow again. Péter arrived at the office, confused. We asked him if he had enjoyed our typically short Finnish summer. There was a look of sheer horror in his eyes – until he realized we were joking!

‘Péter was at the heart of what was then our very small virus lab. He built the foundations of the scanning engines that we used for many years to come.

‘Péter and I would spend endless nights analysing early MS DOS viruses, and when we ran out of viruses, we would install the IPX networking stack to our PCs so we could play DOOM. Our office also had a Twilight Zone pinball machine and a Stargate arcade video game. Péter always made a point of making sure his name was on the high score boards of both – although he never quite managed to beat the Stargate score of our CEO Risto Siilasmaa.

‘Péter married his high-school sweetheart, Natalia, in 1998. Just a few months later, Natalia suffered a stroke. Péter’s love and support were instrumental in her full recovery. Their son, Daniel, was born in 2005. Peter was planning on teaching Daniel programming soon. Unfortunately this never happened.

‘Péter left Helsinki to join Symantec in the warmer climes of California in 1999. Later, he worked for start-up firm Ziften in Austin, TX, before joining McAfee in 2011. Péter married his second wife, Linda, in 2012.

‘Péter was a world-class virus analyst. He performed low level analysis of the most complex malware we’ve ever seen, including Zmist and Duqu. His seminal 2005 book Art of Computer Virus Research and Defense is still mandatory reading material in several University courses.

‘Péter will be greatly missed by a large group of friends, his wife Linda, and his eight-year-old son Daniel.’

Vincent Weafer:

‘The security industry has lost one of the pioneers of anti malware research with the very sad and untimely death of Péter Ször. For me, the loss is far deeper and more personal than this simple statement can convey, as over the many years that we worked together, Péter became a true friend and collaborator.

‘From the very first time we met on a very cold winter’s night in Helsinki, to our numerous lunch meetings in Santa Monica, and our most recent discussions on digital trust, Péter repeatedly enthralled and engaged me with his depth of technical understanding, his vision for the industry, and most of all his passion and humility. When Péter was engaged in a piece of research, it consumed him. He would drive all of his projects with great passion and energy and nothing thrilled (and scared!) him more than having his research presented to his peers or to key customers and partners. He was especially thrilled when he was asked to present at industry events such as VB, CARO and AVAR.

‘One day in 1999, I remember walking into Péter’s office to find him pounding the keyboard on his desk. I slowly and calmly asked him what he was doing and he explained that he had estimated that the best time to interrupt an old Windows virus hooking the keyboard driver was 200ms after a certain event, and he had timed his pounding to hit the exact timing to generate the interrupt. After a few minutes of this bizarre exercise, it worked and Péter successfully trapped and traced the virus behaviour. I’m sure he could have figured out many other ways to intercept the virus, but this sure seemed like the most fun.

‘Péter’s career was very distinguished and he delivered many firsts in the industry: he was the creator of one of the industry’s first anti-virus products, Pasteur Anti-Virus, Lead Virus Researcher and Engine Developer at F-Secure, Distinguished Engineer at Symantec – where he filed over 45 patents – and most recently Senior Director Technology at McAfee, where he led research on complex threats and digital trust. Péter was a prolific researcher, author, surfer and educator, and he held more than 39 patents on computer security and anti virus research.

‘In light of these great achievements, it comes as no surprise that phrases that have repeatedly come to the fore in describing Péter are “a brilliant mind”, “very smart”, and in reference to his death, “what a great loss to the industry”. What is more striking is how many times people use the words “humble”, “sensitive” and “very caring” to describe him. The many people that Péter took the time to mentor will certainly attest to his possession of those qualities – everyone came away from his mentoring sessions feeling as if Péter had spent time honing his skills just to teach them. It didn’t matter whether you were a seasoned researcher or a newbie to the industry, Péter showed the same level of care and patience to all as he walked through the materials. It is fitting that one of his last tasks was to complete an online training session for McAfee employees on malware research.

‘His many friends and colleagues in the industry will miss Péter very much. The industry and his friends are better off for having known him.’

Memorial service

Péter was buried at a private funeral in his native Hungary and a memorial was held in California in TeWinkle Park, Costa Mesa. Jeannette Jarvis attended: ‘It was a lovely (however sad) memorial attended by people from all aspects of Péter’s life – industry, surfing, music, neighbours, family – many of whom addressed the group to share their memories of him.

‘It is evident that Peter was important to and touched very many people. The common theme was how brilliant yet humble he was. How he would reach out and help anyone, any time. He was a patient teacher no matter whether he was discussing malware or showing someone how to surf. He thought deeply about a lot of things, but also had a youthful enthusiasm that was contagious. Time and again it was mentioned how important his body of work is for the security industry, and how it will live on for many years to come.

‘While his life was short, it was deeply lived. He will be missed by so many.’

A lasting memory

As a way of celebrating Péter’s life and work on an ongoing basis, we will soon be announcing details of the ‘Péter Ször Award’, which we plan to award annually at the VB conference to an individual who has made an exceptional contribution to the security industry. The conditions and criteria for the award will be announced in due course. (With thanks to Luis Corrons for the suggestion.)

An online memorial page has been set up by Péter’s friends and family at:



Latest articles:

Powering the distribution of Tesla stealer with PowerShell and VBA macros

Since their return more than four years ago, Office macros have been one of the most common ways to spread malware. In this paper, Aditya K Sood and Rohit Bansal analyse a campaign in which VBA macros are used to execute PowerShell code, which in…

VB2017 paper: Android reverse engineering tools: not the usual suspects

In the Android security field, all reverse engineers will probably have used some of the most well-known analysis tools such as apktool, smali, baksmali, dex2jar, etc. These tools are indeed must‑haves for Android application analysis. However, there…

VB2017 paper: Exploring the virtual worlds of advergaming

As adverts in gaming (‘advergaming’) ecosystems continue to become more sophisticated, so the potential complications grow for parents, children and gamers, who just want to play without having to worry about where their data is going (and how it is…

Distinguishing between malicious app collusion and benign app collaboration: a machine-learning approach

Two or more mobile apps, viewed independently, may not appear to be malicious - but in combination, they could become harmful by exchanging information with one another and by performing malicious activities together. In this paper we look at how…

VB2016 paper: Wild Android collusions

Mobile operating systems support multiple communication methods between apps. Unfortunately, these handy inter-app communication mechanisms also make it possible to carry out harmful actions in a collaborative fashion. Two or more mobile apps, viewed…

Bulletin Archive