Security Fix: When Cyber Criminals Eat Their Own
Brian Krebs writes on Security Fix:
Some of the most prolific and recognizable malware disbursed by Russian and East European cyber crime groups purposefully avoids infecting computers if the program detects the potential victim is a native resident. But evidence from the Conficker worm -- which by some estimates is infecting more than one million new PCs each day -- shows that trend may be shifting.More here.
According to an analysis by Microsoft engineers, the original version of the Downadup (a.k.a. "Conficker") worm will quit the installation process if the malware detects the host system is configured with a Ukrainian keyboard layout. However, the latest variant has no such restriction. Stats collected by Finnish computer security firm F-Secure show that Russia and Ukraine had the second and fifth-largest number of victims from the worm, 139,934 and 63,939, respectively, as of Tuesday, Jan. 20.
In the past, attackers such as the infamous rogue anti-spyware families -- such as Antivirus 2009 -- have programed the worms and viruses to simply fail to install if the installer program detects the system is running a Russian or Ukrainian version of Windows.