Malware gets regional in effort to target specific populations
- By William Jackson
- Feb 22, 2008
Writers of malicious code are becoming more skilled in crafting attacks to target new victims, exploiting locally popular applications and baiting the attacks with e-mail messages and Web sites using more languages, according to research by McAfee Inc.
There has always been localized malware, said Dave Marcus, security research and communications manager at McAfee Avert Labs. 'It's becoming more pronounced lately.'
Avert Labs examined global malware trends in its third Sage report, 'One Internet, Many Worlds,'
compiled from research into global trends in online threats. The report is published twice a year. Among the findings is that attacks are becoming more targeted to a particular population and that the attackers are increasingly attuned to cultural differences, tailoring their attacks accordingly.
'Better social engineering is now required to get your malware properly seeded,' Marcus said. 'You can't afford typos any more.'
Although crudely crafted e-mail message come-ons with grammatically incorrect subject lines still flood in-boxes, a greater degree of professionalism is not required for an attack to be successful, Marcus said. Cybercriminals must adapt to different cultures and languages if they do not want to abandon them as potential markets. Consumers in non-English speaking countries often deleted English-language spam and phishing e-mail messages. Today malware authors adapt the language to the Internet domain site where the scam message is being sent, and malicious Web sites serve malware in a language determined by the country in which the target is located.
'If I want to scam them in their local language, I have to look like I know what I'm talking about,' Marcus said.
Effective targeting means understanding behavior and language. A majority of the malware found in China, where a quarter of the 137 million computer users play online games, is password-stealing Trojans designed to steal users' identities in online games and their credentials for virtual currency accounts. In Japan, the popular peer-to-peer application Winny is prone to malware infestations that can cause serious data leaks. Another common target in Japan is Ichitaro, a popular word processor program. There have been several attacks against Ichitaro users that exploited unpatched security vulnerabilities to install spyware on the target machines.
Researchers also found that local economic factors are major drivers in the amount of malicious activity in a country. Cybercrime rings recruit malware writers in countries with high unemployment and high levels of education such as Russia and China. China has become a breeding ground for malware writers because a large number of skilled coders do not have legitimate work and they are driven to cybercrime in search of money, the report states. The technical skills of Russians in a stumbling economy also make for an active market of hackers.
But there also is some good news from overseas. Although the Russian economic situation, like that of China's, has driven many hackers to a life of cybercrime, Avert Labs predicts that with a strengthening economy and stronger law enforcement, Russian-made malware will gradually decrease.
William Jackson is a Maryland-based freelance writer.