Friday, January 16, 2009

Malware Purposely Not Infecting Machines in Certain Countries

Angela Moscaritolo writes on SC Magazine US:

Malware authors are adopting a new technique to avoid getting caught.

Recently, two malware families -- Swizzor and Conficker -- stopped infecting machines in countries out of which the authors were operating, so not to attract law enforcement, Pierre-Marc Bureau, senior researcher at ESET, told on Friday. If a cybercriminals targets users outside of their country, it's harder for authorities to respond, he said.

The Swizzor malware has been around for about two years but only recently stopped infecting Russian machines by identifying the language of a user's operating system, Bureau said. Users running a Russian version of Windows will not be infected.

The fact that the trojan is now avoiding Russian targets reveals some clues about the cybercriminals behind the Swizzor malware, Bureau said. The individuals likely have servers located there and perhaps are conducting other operations, such as money laundering.

More here.


Post a Comment

<< Home