News Stay informed about the latest enterprise technology news and product updates.

How Russia became a malware hornet's nest

Security experts Eugene Kaspersky and Gadi Evron explain how the Russian economy and lax police work helped make it a malware hotbed.

That Russia is a hornet's nest of malicious cyber activity is nothing new. The question for some in the information security community is why people from that part of the world are so determined to earn a living writing attack code.

In some of these states it is extremely unlikely to see police action on cyber crime even if communication is established, whether due to training or budget issues. They are a black hole.
Gadi Evron,
security evangelistBeyond Security

A dismal economy and lax law enforcement is fueling the problem, say two well-known security researchers. It has helped nudge Russian computer programmers into an underground market where easy money can be made creating programs used to steal credit card and Social Security numbers.

"[Russian hackers] don't see themselves as doing anything criminal," Kaspersky Labs CEO Eugene Kaspersky said during an interview at his company's U.S. facility in Woburn, Mass., last week.

He explained that many Russian programmers compare themselves to weapons manufacturers -- they build the technology but are not the ones using it. In other words, they're not responsible if someone else is pulling the trigger. Meanwhile, Kaspersky said, the Russian economy is still shaky enough that people are looking for ways to make a steady living, and building malware for online gangsters is one way to do it.

Russian programmers are believed to be behind such widely-available malware-making toolkits as Mpack and WebAttacker, which Symantec Corp. has cited as a big reason for more than 200,000 new malicious code threats in the first half of 2007.

Attacker origins:
Today's Attackers Can Find the Needle: From massive botnets to targeted phishing and transacting Trojans, today's new breed of attacker is more dangerous than ever.

Discovery of malware cesspool triggers attack fears
: Trend Micro researchers say a malware-infested Web server in Russia, linked to several Italian Web sites, could lead to a large-scale attack.

Top spammer indicted on email fraud, identity theft: The arrest may reduce the volume of spam in the short-term, say experts and analysts, but the real spam threat comes from criminal gangs based in Asia and Russia.

Experts doubt Russian government launched DDoS attacks: Distributed denial-of-service attacks against Estonian computer systems probably originated from smaller groups in control of botnets rather than the Russian government.

Meanwhile, in August Trend Micro reported finding a Russian Web server hosting about 400 malicious programs it warned could set the stage for a large-scale attack. Then there's a recent analysis from SecureWorks Inc. that concluded a Russian gang of spammers had used the SpamThru Trojan to engineer a tidal wave of junk mail hawking everything from stocks to pills.

While some refuse to take responsibility for the damage their handiwork causes, others know there's little chance that they'll be pursued by the authorities in that part of the world, said Gadi Evron, a security evangelist with McLean, Va.-based Beyond Security.

"In some of these states it is extremely unlikely to see police action on cyber crime even if communication is established, whether due to training or budget issues. They are a black hole," Evron said in an email exchange. "In other cases attempts have not even been made, or they don't like cooperating with U.S. law enforcement."

More importantly, he said, if the authorities want to pursue some malware makers, they have to deal with businesses that harbor them. Such companies won't keep logs or provide law enforcement with the data they need to catch the bad guys. "Some of these service providers are criminal on their own, and work undisturbed," said Evron, who helped investigate massive cyberattacks that sent the Web-dependent nation of Estonia reeling last April.

Meanwhile, international cooperation on cyber crime is problematic at best, he said. "There are official routes to take, such as through Interpol, but these take time and are considered highly official," he said. "On the Internet, things move very fast and in many cases in ways that current laws and treaties don't cover. The current system as it is right now is close to useless for this purpose whether in the ex-Soviet states or not."

While Russian programmers are making a good living in the malware business, they have by no means cornered the market, Kaspersky said. China has surpassed Russia as the biggest producer of malware, according to Kaspersky and Evron noted that the U.S. and other western countries have imperfect records for going after and catching malware makers.

"In the U.S. and other western countries we have enough problems with lack of policy assisting law enforcement and laws to help prosecution," he said. "There are black hat criminal havens in the U.S. we haven't been able to even approach."

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.