Malware purposely not infecting machines in certain countries

By

Researchers have spotted a jump in malware that is designed to avoid infecting users in certain countries -- an attempt to stay out of the purview of law enforcement.


Researchers have spotted a jump in malware that is designed to avoid infecting users in certain countries -- an attempt to stay out of the purview of law enforcement.

Recently, two malware families -- Swizzor and Conficker -- stopped infecting machines in countries out of which the authors were operating, so as not to attract law enforcement, Pierre-Marc Bureau, senior researcher at ESET, told SCMagazineUS.com. If a cybercriminal targets users outside of their country, it's harder for authorities to respond, he said.

The Swizzor malware has been around for about two years but only recently stopped infecting Russian machines by identifying the language of a user's operating system, Bureau said. Users running a Russian version of Windows will not be infected.

The fact that the trojan is now avoiding Russian targets reveals some clues about the cybercriminals behind the Swizzor malware, Bureau said. The individuals likely have servers located there and perhaps are conducting other operations, such as money laundering.

Meanwhile, the earliest variants of the rapidly spreading Conficker virus, which exploits a patched Windows Server Service vulnerability, was avoiding Ukraine targets. The malware was able to detect the keyboard layout.

However, the latest variant of Conficker -- responsible for infecting millions of machines this week, according to F-Secure -- is not choosing which victims to infect.

Still, big malware families are adopting this technique to avoid bringing attention on themselves, Bureau said.

“We have not seen this before a couple of months ago,” he said.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?