Thursday, February 21, 2008

Localizing Cybercrime - Cultural Diversity on Demand

Cultural diversity on demand is something I anticipated as a future malware trend two years ago - "Localization as a concept will attract the coders’ attention" :

"By localization of malware, I mean social engineering attacks, use of spelling and grammar free native language catches, IP Geolocation, in both when it comes to future or current segmented attacks/reports on a national, or city level. We are already seeing localization of phishing and have been seeing it in spam for quite some time as well. The “best” phish attack to be achieved in that case would be, to timely respond on a nation-wide event/disaster in the most localized way as possible. If I were to also include intellectual property theft on such level, it would be too paranoid to mention, still relevant I think. Abusing the momentum and localizing the attack totarget specific users only, would improve its authenticity. For instance, I’ve come across harvested emails for sale segmented not only on cities in the country involved, but on specific industries as well, that could prove invaluable to a malicious attack, given today’s growth in more targeted attacks, compared to mass ones."

It's been happening ever since, and despite that it's already getting the attention of vendors, malware authors do not need to know any type of foreign language to spread malware, spam and phishing emails in the local language, they do what they're best at (coding, modifying publicly obtainable bots source code), and outsource the things they cannot do on their own - come up with a locally sound message which would leter on be used for localized malware, spam and phishing attacks, a tactic with a higher probability of success if there were to also request that spammers can segment the harvested email databases for better campaign targeting. The Release of Sage 3 - The Globalization of Malware :

"In this issue we look at the growing trend of localization in malware and threats. Cybercriminals are increasingly crafting attacks in multiple languages and are exploiting popular local applications to maximize their profits. Cybercrooks have become extremely deft at learning the nuances of the local regions and creating malware specific to each country. They're not just skilled at computer programming they're skilled at psychology and linguistics, too."

With all due respect, but I would have agreed with this simple logic only if I wasn't aware of translation services on demand for anything starting from malware to spam and phishing messages. We can in fact position them in a much more appropriate way, as "cultural diversity on demand" services, where local citizens knowingly or unknowingly localize messages to be later on abused by malicious parties. Malware authors aren't skilled at linguistics and would never be, mainly because they don't even have to build this capability on their own, instead outsource it to cultural diversity on demand translation services, ones that are knowingly translating content for malware, spam and phishing campaigns.

The perfect example would be MPack and IcePack's localization to Chinese, and yet another malware localized to Chinese, as these two kits are released by different Russian malware groups, but weren't translated by them to Chinese, instead, were localized by the Chinese themselves having access to the kits - a flattery for the kits' functionality, just like when a bestseller book gets translated in multiple languages. As for the socioeconomic stereotype of unemployed programmers coding malware, envision the reality by considering that sociocultural, rather than socioeconomic factors drive cybercrime, in between the high level of liquidity achieved of course.