Never ones to pass up a growing market, cybercriminals are turning their targets on the growing markets around the world, creating localized content in native languages or targeting specific interests of that nation.
That’s the main takeaway from McAfee Avert Labs global malware trends Sage report, called “One Internet, Many Worlds.” For the longest time, Americans and English-speakers were the targets, but the crooks are going global. The growth of emerging markets like BRIC (Brazil, Russia, India and China) and EMEA (Europe, Middle East and Africa) has served to make them targets as well.
“Two years ago, we couldn’t have had this conversation,” Dave Marcus, security research and communications manager for McAfee’s Avert Labs, told InternetNews.com. “Most malware and spam was 95 to 98 percent English, directed at people who speak English. Now international malware is six to seven percent of the total instead of one to two percent, and it’s growing.”
With 23 languages in the European Union alone, McAfee’s researchers found that cybercriminals are either hiring locally in different nations or swapping code written in different languages so they can target specific countries.
“When you try to expand a business into a new geography, you look for resources that speak the language and know the nuances. So they are trading languages or farming it out to people who speak the local languages,” said Marcus.
[cob:Related_Articles]One recent example noted by McAfee was an Italian spam
In China, with more than 137 million computer users, the currency is online games. Asia is ripe with persistent virtual worlds that charge a monthly fee to play, and McAfee found the majority of the malware in China is password-stealing Trojans designed to grab not the login and password to a bank, but to games like “World of Warcraft” and “Lineage.”
In Japan, peer-to-peer file sharing networks are extremely popular, and thus popular targets for theft. Not of money but the contents of the user’s hard drive. The most popular network there is called Winny, but it’s frequently under attack due to misconfiguration of the software. The motivation, though, is unique: many of the attacks on Winny users are from people angry the users are engaging in theft.
One virus, called Antinny, would delete audio and video files being shared by Winny users, and then berate the victim for their intellectual property theft. This gave Marcus a laugh. “You’d never see such righteous indignation like this in the U.S., where someone wrote a program to destroy audio and video files people are sharing, and then it taunts you for doing it,” he said.
In Brazil, a nation that has strongly embraced online banking, cybercrooks are going after online banking information with sophisticated social engineering scams written in native Portuguese to trick Brazilians into giving up personal information. In 2005 alone, the Brazilian Banks Association estimated losses at about US$165 million.
The rise in international malware is just a logical follow on to the growth in international markets. With everyone from semiconductor firms to cell phone companies talking about international growth, it stood to reason that those markets would be targeted eventually.
“Many more parts of the world are coming online and a lot more people around the world have disposable income. If you are apt to use online payment and online buying and selling they are likely to target your money,” said Marcus.
The problem is only growing. At the start of the year, McAfee identified around 528 new pieces of malware per day. By the end of 2008, it expects to see 750 new pieces per day.
The Sage report is available through the McAfee Threat Center.