Different Countries, Different Scams

Microsoft finds that the Trojans and viruses spreading around China and Brazil differ from those in the rest of the world.

Robert Lemosarchive page

August 19, 2009

Data released by Microsoft last week underscores the fact that the information criminals choose to steal varies from country to country. China’s online criminals focus on stealing the digital keys to popular online games, for example, while Brazil’s data thieves prefer grabbing victims’ bank account information.

In a blog post published on August 10, Microsoft program manager Scott Wu compared the worldwide malicious software trends to those of China and Brazil. The top four of the most popular malicious programs, which closely follow the United States and European markets, are three fake security software programs and a downloader that installs fake security software. However, in China, four of the top five threats are password stealers for online games, and in Brazil, three of the top four threats are Trojans that steal the usernames and passwords for online bank accounts.

Microsoft expects the trend to continue. “As the malware ecosystem [has become] more reliant on social engineering, threats worldwide have become more dependent on language and cultural factors,” Microsoft said in an e-mail response to questions regarding the blog post. “In China, several malicious browser modifiers are prevalent. In Brazil, malware that targets users of online banks is widespread. And in Korea, viruses are common.”

While legal policy has not quite caught up with rogue security software in the United States, Microsoft says that social engineering, not legal holes, are what determines the threat trends.

“Most likely, the threat landscape varies more because of the possibility of returns,” says Microsoft. “Rogue security software purveyors will likely focus on the regions where people are more willing and likely to pay (with a credit card) for what they think is legitimate security software.”

A comparison between the malicious software prevalent on compromised computers in Brazil and China and those worldwide. (Source: Microsoft)

Most purveyors of such programs are pursued with a civil lawsuit by the Federal Trade Commission (FTC), not with criminal prosecution. For example, last year, the FTC won a $1.9 million judgment against Innovative Marketing, which sold more than 1 million copies of fake security software for at least $39.95 each.

Only one of the most prevalent threats in Brazil and China–a program called Frethog– is also common worldwide. The software steals passwords for popular games and rankssecond in China, fifth in Brazil and eighth worldwide, according to Microsoft’s data.

Another password stealer, called Taterf, is on the top 10 list both in Brazil and worldwide. It steals credentials for popular online games such as World of Warcraft and Lineage and ranks second on the top 10 list of malicious software in Brazil and first on the worldwide list. Finally, the bot programs Rbot and Zlob are on both the Brazilian list and the worldwide list.