Slashdot Mirror
US Leads the World In Malware Creation
PetManimal writes "Symantec says that China, Russia, and the other developing countries usually blamed for the increasing amount of malware are not the biggest culprits. The security software company released a report (PDF) claiming that the US leads the world in a number of malware categories, ranging from the 'amount of malicious activity originating from their networks' to 'underground economy servers.' Preston Gralla says the US lead should come as no surprise, considering the capitalist way of life and the high level of technical knowledge. He also suggests that the some of the 'criminals' may actually be Internet entrepreneurs who crossed over to the dark side: 'It's an inevitable result of a thriving free market and tech expertise. An underground economy often mirrors the legal, above-ground one. Scratch a criminal, and sometimes you find a misguided entrepreneur, looking to get rich a little too quick.'"
There are a number of fairly organized malware purveyors from Canada as well, I think what separates the malware originating from North America, and the malware coming from the East is the purpose of the malware.
In NA, its mainly spyware or extortionware.
From the East a majority of them are keyloggers, dialers.
Takes one to know one. Symantec's software has all the qualities you'd ever want in a well crafted piece of malware.
Scratch a criminal, and sometimes you find a misguided entrepreneur, looking to get rich a little too quick.
Is malware even illegal? How is malware different from say, an automatic update or some other less than desirable software? Just because something is annoying doesn't necessarily mean it's illegal and that the author is a criminal.
That said . . . in your face, China, Russia and the other developing countries - in your face!
Oh, and a slight aside to the /. eds - I suspect that both the Chinese and the Russian people would be *ahem* amused at having their respective countries referred to as "developing countries". Just sayin'
Sometime when you're looking for an evening's entertainment (and not in the company of others, unless they also find this sort of thing terribly interesting), fire up a VMWare VM and load it up with Windows XP SP1, then fire up Internet Explorer and browse around. For fastest results, be sure to hit up some of the seedier side of the internet -- a quick Google for "serial numbers" will get you malware-ridden sites within the first few results. Then, just hit yourself on the head or otherwise simulate a stupid/ignorant user, and click "OK" to anything the computer prompts at you for a few minutes.
In short order, you will probably have so much adware, malware, Trojans, and keyloggers on the VM, it's nearly impossible to ever clean it out (AFAIK you really can't with any reliability say that a machine once rooted is 'clean' until you zero the drive and reinstall from media). Monitoring the network connections and traffic that the VM makes is also pretty interesting. (Its easiest if you set up the VM's virtual interface with a different IP than the host machine's physical interface.)
If you want to go for a second round, Google "adware removal" and download or run the first half-dozen or so tools that you see; chances are at least some of them will make the problem worse.
The benefit of doing this in a VM is you can trivially roll the system back to an uncorrupted state, and just banish the thing altogether when you're done entertaining yourself. It really caused me to appreciate two things: one, reminding me why I don't use that OS at home, and two, the absolutely ridiculous amount of effort that must be spent (patching, updating, firewalling, antivirusing, user training) to keep the billions of Windows machines that people depend on from succumbing to the same fate in a matter of minutes.
Anyone who doesn't use Windows on a regular basis should do that every year or so, if only for the "there, but for the grace of God..." value.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
At least we still lead the world in something! Take that, Indian outsourcing companies.
Ah yes, the 'Engineers are always moral' argument. Please remind me, what programmers were assigned to the Manhatten Project, the Cruise Missile project, and who designed Napalm?
Oh yeah... that's right, they were mostly Engineers. Spare us the high-and-mighty talk. Just becuase there's an old Freemason-like order with fancy rings involved doesn't mean engineers are some kind of uber-moral fraternity.
No offense to the good-hearted engineers out there reading this.. I just don't like the uppity attitude of some 'engineers' who think that computing science, along with every other realm of human endeavour other than those blessed by the local Engineering faculty, are something akin to making cute little blocks with playdough.
Parent: get off your high horse. Lots of people, no matter their vocation, have to pay the bills, and some are just attracted to the darker side, no matter their training.
Advert for the Economist at the moment reads:
"Invest in the 4th largest world economy. Before it's number 1. China"
Since when is criticism equal to hate?
...or so it seems.
Since September 11, 2001.
When our name is on the back of your car, we're behind you all the way!
Did the author of this post even read the paper? The U.S. leads the world in Malicious Activity, this is very different from malware. Malicious Activity = phishing sites, attacks, command and control servers, bots, spam zombies and malicious code infections. The United States is the top country for the combination of all of these things. The paper does not state anywhere that the United States is the source of the most malware!