Malware Without Borders: A Regional Look at Microsoft's Malware Telemetry Covering the APAC Region, presented at AusCERT 2008

by Ziv Mador

Summary: As malware and potentially unwanted software are increasingly motivated by financial gain, their nature is also changing. Attackers often use social engineering techniques to lure the user into running their code, and usually show messages or bogus warnings written in a particular language. The effectiveness of the attack in any specific region then depends on the popularity of that language in that region. Other factors may also have an impact, such as the level of user education in that region and the usage of security products there. The result is that we see more and more threats that affect specific countries or regions more than they affect others. This paper gives an overview of some major differences in the types of malware and spyware that exist in different parts of the Asia Pacific region and provides specific examples. The information for this paper is collected from hundreds of millions of computers around the world, though insights specific to the Asia Pacific region will be the focus of this presentation. Given the locality of many of the threats, the model of national response teams and organizational response teams can be extremely helpful. The paper calls for an even higher level of interaction between these response teams and the security software industry, and presents several working examples that illustrate success.