Blogging the ASC: Internationalization of Spyware

Posted on June 27, 2007 - 19:58 by egeorge

Continuing our blogging of the ASC conference, StopBadware senior developer Liana Leahy's notes on the panel on Internationalization of Spyware:

Vincent Weafer of Symantec - Spyware varies between nations.

Chris Boyd of Facetime - Shows where hijacked people are. The majority of the companies are based on the west/east coasts.

Spy Act, I Spy Act, Counter Spy Act is brought up. Legislation has been too slow, 4 or 5 years too late. Some have gotten pressure from the FTC.

Q8 Army: Radical, political websites, they hijacked you from these sites and put popups with political propaganda. Over the border, wasn't much law enforcement could do.

YapBrowser, Zango, Safety Browser: Rogue web browsers, rogue anti-spyware applications. These applications include spyware and adware.

Vincent - Are we seeing more spyware coming from international sites and why?

Chris - Always been around, but under the radar. Cyberwar between US and Chinese hackers. All about money, getting as much adware on the computer until it dies. The problem is you can't touch the guys overseas. Anti Malware Alliance in China, trying to sue the Chinese government because they are installing malware on people's PCs.

Australia: spyware control bill has gone nowhere. There are 22 countries and 21 more that have signed an agreement among nations to create laws to combat these issues. Spyware-esque.

Governments will say they don't need spyware legislation, that existing laws will handle it.

One guy installed spyware onto his wife's machine to check her bank balances. He got 4 months. There has been some hesitation, because the language is difficult. Describing malware and spyware is hard.

Is there a difference between US and Europe? European politicians haven't a clue what spyware is and what it does and the threat. Germany under E.E. U.U. law, limits the sale of security software used for unlawful purposes. European banks are suffering from the same issues as US banks, thanks to online banking.

Any experience in Asia? Any examples? Japan has different issues. Their viewpoint is that their spyware is more about social engineering. One big fraud was a fake billing system. Less emphasis on downloading software in Japan. Rather having the software downloaded for you. People aren't used to downloading software as much.

Is there a difference between the users complaining about these charges? The Japanese are less likely to complain about it. So stuff is underreported because they are embarrassed to admit that they were ripped off.

Is it easier to hide overseas?

John Levine of CAUCE - It's not hard to hide in the US. Domain registration is lax. They don't check your personal data. It's easy to register lots of domains and move them around. Each country makes its own rules to register a domain. Italy for example has rigorous rules. A lot of people target outside the US, because broadband in the US is slower. Japan and Europe are much faster. Europe has stronger privacy laws... And they are slow to act on complaints. Domain names are hard to trace, just the tip of the iceberg.

Lindsey Wegrzyn of Earthlink - The problem we see in internationalization is that everything is compartmentalized. Lots of people have a hand all over the world. They jump on forums to find partners, there are 14 or 15 people involved. Cases take forever. You need to understand foreign agency's laws to contact them. Understanding where the benefits are is helpful.

John - How do you attack this? Depends on who you know. Given the number of countries, following their trail is hard.

Vincent - Are you seeing technical differences in Europe, S.A., Middle East?

Chris - A lot of stuff is quite generic (the code itself, old stuff that's been around). Chinese hijacks aren't just whack-a-mole games with password stealers. A lot of the code is old, but what they do with it is new. Middle East, quite sophisticated rootkits.

Clerik: malicious spyware from China. They are not as educated and aren't used to computers as we are. But they will learn soon.

Criminalization, Adware commercialization: A single global marketplace, or niche markets?

Chris - It's still scary. Chinese vs. America black-hatters. They are working together and sharing code. There is a cross-network but it's not structured. It's still territorial.

John - Transmitting money around the world. The cat is out of the bag, it's easy to shift money around the world.

Vincent - What can we do that will help the situation? Education? Awareness? Corporations? Building relationships?

Chris - UK High Tech division crime squad. Impossible to get a hold of people. Tracking down law enforcement is useless. Accessibility of law enforcement would help.

John - Same answer. Educating law enforcement and giving them the expertise to ask the right questions is key.

Lindsey - Cooperation is key. Getting legislation into action for countries that agree to pursue this. Resources are also an issue for folks.

Clerik - Talk to your legal system to push through legislation. Try to convince users to make backups.

Questions from the audience:

US Safe Web Act. FTC power to go internationally to get information. Is this a viable option?

Lindsey - Hasn't used it because it's not helpful. She's not as familiar with them. Hasn't heard good things about it. Instead they use personal contacts. Personal contacts across the board are key.

Josh - Please talk about Government sponsored malware in China

Chris - Ministry of Media Affairs have created software (malware) that installed from various Chinese websites. You can support your government by hijacking PCs. Folks are trying to sue the government with spectacularly bad results. A lot of this stuff comes from Chinese domains where the URL is random letters and numbers. But some of them are legitimate in China. There's no way to contact these domain owners. Is it malicious or has the site been hijacked?

Audience - Has anyone used CertCn to determine who owns these domains?

Chris - Yes, folks are helpful. There are people out there who are fighting this. Personal experience, these organizations have been more positive. The CERTs are quite good. What is deemed acceptable...

Chris - Software that installed all come with EULAs... When you are presented with a EULA that's in a different language, it's useless. A lot of Chinese hijacks are being pushed via IM channels. Skype network. once