The Internationalization of Malware
Ant brings us a write-up from a former malware analyst about the difficulties in fighting malware as it expands beyond English-language targets and into societies with different standards for privacy and security. Quoting:
"One of the most fascinating facets of the increasing internationalization of malware is the cultural assumptions around such software. What is considered malware in the US may be commonly accepted in China or Japan, and this is largely due to the society that it exists in. Anti-cheating rootkits are very common in games released in these countries. What is considered to be invasive in the North American or European world is acceptable there. These anti-cheating rootkits would hook into the kernel space in a very invasive way, and have the behavioral characteristics of malware such as hooking into the keyboard driver. This made it very difficult from a purely technical standpoint to distinguish them."
I was going to post a reply but Slashdot can't handle Unicode :(
I was extremely pissed off with the whole Sony rootkit debacle, which was covert. I was even more pissed off when they bought one of my favourite music production programs, Acid Pro, and I checked it for the tell-tale signs of the rootkit (the processes that are started with $SYS$ are hidden from the process list) and found it present in that too. If anyone uses this product, then the last rootkit-free version is Acid Pro 4. Just a heads up.
Botting programs aren't all it is intended to stop. As a matter of fact, botting is not preventable, it can only be limited in power. You could always hook up a device that would give keyboard input, and pass the video through it. What they do a fairly good job of stopping (making very difficult at least) is getting read/write access to the memory, forcing bots to rely on interpreting pixel data, which is rather unreliable, and preventing many hacks that result from those games having bad client/server separation of trust.
For example, the Korean game MapleStory relies on the client to handle lots of the monster positioning: in a given map, every client is responsible for an equal share of monster positions. This means that when you are alone, you could cause your client to lie and warp all the monsters to one spot. It would cost huge amounts to upgrade their infrastructure to handle all that positioning on the server, so they do their best to make the client trusted.
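The client/server trust problem the comment above describes, as an added illustration that is not part of the original thread and not code from MapleStory or any real game: a server that simply records whatever position a client reports, beside a server that keeps authoritative state and rejects reports its own physics checks can falsify. The map bounds, the per-tick speed limit, the monster set and the "warp everything to one spot" scenario are all constructed for this example; the point is that the cheap server-side check catches the lie without the server having to simulate every monster itself.

```python
"""
Server-authoritative validation of client-reported entity positions.

Constructed example: a 2-D map with fixed bounds, a maximum distance an
entity can legitimately move per tick, and clients that report monster
positions each tick.  TrustingServer accepts whatever the client says;
ValidatingServer applies sanity checks the server can verify on its own.
"""
import math
from dataclasses import dataclass

MAP_WIDTH = 1000.0   # constructed map bounds
MAP_HEIGHT = 600.0
MAX_SPEED = 5.0      # constructed: max units an entity may move in one tick


@dataclass
class Monster:
    x: float
    y: float


class TrustingServer:
    """Weak design: the client owns the monster's position outright."""

    def __init__(self, monsters):
        self.monsters = {mid: Monster(x, y) for mid, (x, y) in monsters.items()}

    def report_position(self, mid, x, y):
        # No checks at all: a lying client can put any monster anywhere.
        self.monsters[mid].x = x
        self.monsters[mid].y = y
        return True


class ValidatingServer:
    """Hardened design: server keeps authoritative state and checks each update."""

    def __init__(self, monsters):
        self.monsters = {mid: Monster(x, y) for mid, (x, y) in monsters.items()}
        self.rejections = []  # (entity id, reason) for logging / detection

    def report_position(self, mid, x, y):
        m = self.monsters.get(mid)
        if m is None:
            self.rejections.append((mid, "unknown entity"))
            return False
        if not (0.0 <= x <= MAP_WIDTH and 0.0 <= y <= MAP_HEIGHT):
            self.rejections.append((mid, "out of bounds"))
            return False
        # The server knows where the monster was last tick, so a jump larger
        # than the speed limit cannot be a legitimate move.
        if math.hypot(x - m.x, y - m.y) > MAX_SPEED:
            self.rejections.append((mid, "teleport"))
            return False
        m.x, m.y = x, y
        return True


def run_warp_scenario(server_cls):
    """One client claims every monster has warped to the same spot.

    Returns how many of those reports the server accepted.
    """
    monsters = {1: (100.0, 100.0), 2: (900.0, 500.0), 3: (450.0, 300.0)}
    server = server_cls(monsters)
    accepted = 0
    for mid in monsters:
        if server.report_position(mid, 450.0, 300.0):
            accepted += 1
    return accepted


if __name__ == "__main__":
    print("trusting server accepted", run_warp_scenario(TrustingServer), "of 3")
    print("validating server accepted", run_warp_scenario(ValidatingServer), "of 3")
```

The trusting server accepts all three warped positions; the validating server accepts only the monster that was already standing at the target, and its `rejections` list is exactly the kind of signal a server-side anti-cheat can alert on without any agent on the client. A real game would add rate limiting and tolerance for latency, but the structure is the same: state the server cannot verify should not be accepted from the client.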
Nowadays, people use CPU virtualization to circumvent such rootkits.