McAfee: Virus writers going local

Virus writers are creating malware that is specially designed to infect users in a specific country

The program is nasty. It deletes pictures and movies from your hard drive and then it teases you: "Even though Mr. Kaneko was found guilty, you are still using Winny. I really hate such people," taunts an animated woman on your screen.

Welcome to the age of localized malware.

Over the past two years virus writers have increasingly targeted their malicious programs to users in different regions of the globe, creating programs that are specially designed to infect users in countries like Japan, Brazil, China or Germany.

Take the taunting Trojan, which goes after users of the Winny file-sharing program. (Winny creator Isamu Kaneko was convicted of abetting copyright violations in late 2006) Winny is file-sharing software that is incredibly popular in Japan, but virtually unknown outside of the region. Still, it's been the target of several malware programs, according to Dave Marcus, security research and communications manager for McAfee Avert Labs. "Japan has some really unique factors that we just don't see anywhere else," he said. "There are a couple of malware writers in Japan who don't like people who illegally share content."

Previously, attackers would write programs that would affect the largest possible number of users, but that's no longer necessarily the case, Marcus said. "What we've noticed over the last couple of years is that a growing amount of malware is localized."

McAfee believes that there are a few reasons behind this shift. For one thing, writers no longer want the worldwide attention and law enforcement action that was garnered by outbreaks such as Sasser and Netsky.

And with users becoming more wary, hackers have to be crafty with their attacks -- creating more targeted malware that victims are unlikely to have seen before. Another factor is that criminals are increasingly targeting their attacks to regions that have weak cybercrime enforcement, McAfee believes.

Regional attacks also cater to regional tastes. Online banking is widely used in Brazil, so much of the malware there tries to steal banking usernames and passwords. In China, online gaming is so popular that Chinese World of Warcraft password stealers are now the second-largest class of malware tracked by McAfee, Marcus said.

These regional attacks are part of an explosion of viruses and Trojan programs that is making life more difficult for people companies like McAfee that track and intercept the malware. In 2006, the company identified 53,537 unique pieces of malware according to data set to be published Thursday in Sage, McAfee's semi-annual magazine devoted to security issues.

Last year that number jumped 246 percent to 131,862, and it could double again this year. By the end of 2008, McAfee expects to be identifying about 750 pieces of malware per day.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies