Yo Quiero Antivirus. Malware Goes Multilingual
With BRIC and EMEA markets emerging, the bad guys go after non-American targets.
Never ones to pass up a growing market, cybercriminals are turning their targets on the growing markets around the world, creating localized content in native languages or targeting specific interests of that nation.
That's the main takeaway from McAfee Avert Labs global malware trends Sage report, called "One Internet, Many Worlds." For the longest time, Americans and English-speakers were the targets, but the crooks are going global. The growth of emerging markets like BRIC (Brazil, Russia, India and China) and EMEA (Europe, Middle East and Africa) has served to make them targets as well.
"Two years ago, we couldn't have had this conversation," Dave Marcus, security research and communications manager for McAfee's Avert Labs, told InternetNews.com. "Most malware and spam was 95 to 98 percent English, directed at people who speak English. Now international malware is six to seven percent of the total instead of one to two percent, and it's growing."
"When you try to expand a business into a new geography, you look for resources that speak the language and know the nuances. So they are trading languages or farming it out to people who speak the local languages," said Marcus.
One recent example noted by McAfee was an Italian spam (define) attack. The email, written in perfect Italian and only sent to the nation of Italy, said the recipient may be the target of a government investigation and they should click on a link to see if they were under investigation. Guess what was on the other end of that link? Hint, it wasn't an Italian government server.
In China, with more than 137 million computer users, the currency is online games. Asia is ripe with persistent virtual worlds that charge a monthly fee to play, and McAfee found the majority of the malware in China is password-stealing Trojans designed to grab not the login and password to a bank, but to games like "World of Warcraft" and "Lineage."
In Japan, peer-to-peer file sharing networks are extremely popular, and thus popular targets for theft. Not of money but the contents of the user's hard drive. The most popular network there is called Winny, but it's frequently under attack due to misconfiguration of the software. The motivation, though, is unique: many of the attacks on Winny users are from people angry the users are engaging in theft.
One virus, called Antinny, would delete audio and video files being shared by Winny users, and then berate the victim for their intellectual property theft. This gave Marcus a laugh. "You'd never see such righteous indignation like this in the U.S., where someone wrote a program to destroy audio and video files people are sharing, and then it taunts you for doing it," he said.
In Brazil, a nation that has strongly embraced online banking, cybercrooks are going after online banking information with sophisticated social engineering scams written in native Portuguese to trick Brazilians into giving up personal information. In 2005 alone, the Brazilian Banks Association estimated losses at about US$165 million.