Slashdot Mirror


The Internationalization of Malware

Ant brings us a write-up from a former malware analyst about the difficulties in fighting malware as it expands beyond English-language targets and into societies with different standards for privacy and security. Quoting: "One of the most fascinating facets of the increasing internationalization of malware is the cultural assumptions around such software. What is considered malware in the US may be commonly accepted in China or Japan, and this is largely due to the society that it exists in. Anti-cheating rootkits are very common in games released in these countries. What is considered to be invasive in the North American or European world is acceptable there. These anti-cheating rootkits would hook into the kernel space in a very invasive way, and have the behavioral characteristics of malware such as hooking into the keyboard driver. This made it very difficult from a purely technical standpoint to distinguish them."


  1. Suppression! In MY China? by Anonymous Coward · · Score: 3, Interesting

    Oh lord, what's next, people being executed for blogging?

  2. Not news if you've tried to use a Korean website.. by crossmr · · Score: 4, Interesting

    The country lives and dies on ActiveX. Trying to do anything other than read basic text on most Korean websites requires the installation of several ActiveX controls, which means IE only for a lot of sites. And if you want to create an account on one as a foreigner and don't have your foreign registration with immigration you can just give them copies of your passport..

  3. Define it by Anonymous Coward · · Score: 4, Insightful

    Malware is supposed to do Bad Things to your computer/information. If it's hooking into the kernel, it may not necessarily be malware, per se. It may just be doing business in the entirely wrong place.

    1. Re:Define it by Bieeanda · · Score: 4, Interesting
      Are Bad Things intentional effects, or can they include weird, destructive side effects as well?

      I installed NCSoft's 'Exteel', a localized version of a Korean game, complete with the Game Guard nanny app that's nigh-ubiquitous when it comes to Korean games. While it probably wasn't intentional, Game Guard did disable the interface for my uninterruptible power supply when it ran, and wouldn't allow the service to reactivate until after it shut itself down.

  4. Considered to be invasive...bla bla bla by sakdoctor · · Score: 4, Insightful

    Or is it lack of awareness. Add South Korea to that list because it currently seems acceptable to have about 10 useless browser bars attempting to take over and uninstall the competitors' bar in Internet Explorer.

    Awareness didn't come overnight in North America or Europe either.

    1. Re:Considered to be invasive...bla bla bla by Anonymous Coward · · Score: 4, Interesting

      1. Most people don't know about it. For example the South Korean nProtect Gameguard is included in over 80% of online games in Asia. Only after something went wrong and the games won't load, I investigated it and found out that it acted like a rootkit, then I stopped playing online games altogether.

      2. It was marketed as "anti-cheat". It wasn't supposed to be malware, right?!

      3. Online-Games companies are sick and tired of fending off cheaters themselves. On top of that you have online-cash suppliers that deploy millions of bots to collect cash, selling items, inflating prices and selling online-cash to gamers. So they turned to these "anti-cheat" software.

      4. Selling online-cash is lucrative. That is why so many malware target gamers' accounts. Cheating tools are rigged with trojans that won't be recognised by virus scanners, they wait for a few months and then start to steal your stuff.
      Gamers like us are really pissed to see an entire army of bots all over the map on every server.

      5. On average, anti-cheat is about 50-60% effective, but they update it weekly. It also presents a challenge. It is effective at stopping a gamer from cheating; however, the cash-suppliers are in the cracking contest since it is highly lucrative.

      6. The anti-cheat tools like Gameguard are language-neutral, they will look for cheating tools based on Unicode/Wide-char strings, in theory it will work for any online game. Not to mention Punk-buster is also in the same league. Just that Gameguard is particularly nasty with hiding, extremely intrusive and difficult to un-install.

      What is happening is ugly and convoluted. Especially when 90% of "characters" are bots. It is very easy to spot a bot, especially when the entire group is in action. I even had fun luring big bosses (some mmorpg has big boss on each map) to ruin their party. Some mmorpg even supply their official version of "automated tools" to run your own bots, just to keep the players in the game. What fun left when the entire map is occupied by bots, and the game is basically reduced to a chatroom with only a handful of human players?

      It might happen to WOW, only a matter of time.

  5. Up front, or covert? by petes_PoV · · Score: 4, Insightful
    The main differentiator between an invasive monitor and malware is whether the author (or organisation employing it) uses it covertly, or if they make the user aware of what will happen.

    If a piece of software makes it clear, before you purchase it, that it will install monitoring software on your machine and/or it would phone home then that's one thing. You have the option of not buying it.

    If this situation only becomes apparent after the package has been installed, then (IMHO) that's not an acceptable practice.

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
  6. I'm sure it's true within countries, too by grizdog · · Score: 4, Insightful

    While most people probably don't consider them malware, a lot of people find internet ads intrusive and obnoxious and we install popup blockers to get away from some of them. But the advertisers wouldn't pay for them if someone wasn't reading them and clicking on them.

    More to the point, there is a huge difference in what people care about regarding their computers. Many of my friends think I "put up" with a lot because I use Linux and install things relatively methodically, always keeping control of my system. I think they "put up" with a lot, because they have no idea what is running on their computers and what the machines might be doing with their information.

    It concerns me that the anti-privacy people have time on their side, because after a few more years, they will just point out how so many people haven't been enjoying much privacy anyway, so what's the big deal?

  7. Sony didn't only rootkit their CDs by know1 · · Score: 5, Informative

    I was extremely pissed off with the whole Sony rootkit debacle, which was covert. I was even more pissed off when they bought one of my favourite music production programs, Acid Pro, and I checked it for the tell-tale signs of the rootkit (the processes that are started with $SYS$ are hidden from the process list) and found it present in that too. If anyone uses this product then the last rootkit-free version is Acid Pro 4. Just a heads up.

  8. Different cultures indeed by 4D6963 · · Score: 4, Funny

    What is considered malware in the US may be commonly accepted in China or Japan [...] These anti-cheating rootkits would hook into the kernel space in a very invasive way, and have the behavioral characteristics of malware such as hooking into the keyboard driver

    Indeed. And if you look back in history, you will find documented examples in medieval Japan of samurais making alliances with kernel-space rootkit developers to repel Mongol invasions. But it actually goes back to the roots of Zen Buddhism which de-emphasized the attachment to privacy and instead favoured experimental realisation, including with various sorts of early meditation-space thought-loggers.

    --
    You just got troll'd!
  9. Japan's computer ignorancy is here to stay by MasaMuneCyrus · · Score: 3, Insightful

    I'm currently living in Japan and would like to note that for all of the notoriously computer-ignorant people in America, Japan's computer ignorancy problem is ten-fold. Computers simply aren't used as a part of everyday life in Japan as they are in America, and there aren't even basic use classes in most schools through college. IE6 is still the big web browser, and the most important factor in buying a computer (which is terribly overpriced because of Japan's tendency to use only Japan-made products for everything) is how cute it is.

  10. Re:Educate them out of the digital medieval age by v1 · · Score: 3, Interesting

    The best response in this aspect seems to be a little of what is so irritating in Windows, the barrage of popups. This is probably one of the most sensible bitter pills in Windows. OK if the software manufacturers are going to be completely retarded or write malware, we are going to harass the user continually as long as the software is running. Since we cannot make them change, and only the consumer's dollar is going to help.

    Sucks to be us, but that's what it takes to make developers clean up their act. Give them the choice to do it right or turn their software into something totally obnoxious.

    Let's say Windows had a way to detect the rootkit. Code it in. Make a popup come up every 5 minutes that the rootkit was detected. Cannot be disabled. (period) First thing the developers would do is mod it to hide better. A small war starts. Microsoft being the OS author, WILL win that war eventually. And the enraged customers will force them to remove the rootkit. (all the while the devs are blaming MS of course) Such is life. I wish they'd do that. It'd be messy, but effective.

    There are other fun responses to someone rootkitting your OS. Make intelligent, targeted updates, that do something like wreck the registration scheme of the rootkitter. Do something that forces the customer to call the vendor for help. Make it such a severe PITA to the developer that they stop doing it.

    Or simply target the error message. Imagine this popup once an hour: "Windows has detected the installation of ROOTKIT_SUPERSHOOTER3v4. This software has damaged your Windows installation and compromised the security of your computer and your personal information. Please contact the software vendor SuperCoders (link/phone number) for assistance in repairing your Windows installation, or perform an erase and install to repair the damage." That would rock.

    --
    I work for the Department of Redundancy Department.
  11. In other words... by DrYak · · Score: 4, Insightful

    ...a computer in Japan is just another appliance.

    They buy it as they would buy a second TV set for the kitchen, or a vacuum cleaner or table-top cooling fan, etc.

    Nobody in his/her right mind cares about the stats of a vacuum cleaner, except complete nerds.

    Computers are slowly drifting toward that situation.

    GSM phones have already reached that point almost worldwide - the only thing most people care about is if there's "Apple iPhone" written on it.
    And there are often enough articles on /. about remote cellphone's mic tapping, remote GPS polling, etc... to show that there's slightly more than "what's written on the case" about a phone.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  12. Re:Not news if you've tried to use a Korean websit by StarkRG · · Score: 3, Interesting

    They are a bunch of militaristic and racist bigots.

    Right, unlike everyone else.

    We Americans are far better than those chinks, we should'v f**k'n killed 'em all the last time we were there!

    </sarc>