- Category: September - October 2009
Almost all discussions on computer viruses raise the question which countries developed the threat and the media often yields to temptation to lay the blame stereotypically on the “Russian threat”. But that’s a myth which cannot bear up under a well conducted examination. During the past years, virus authors who released global epidemic diseases were arrested again and again, and therefore it is easy to determine their home country:
- Germany (Sasser and NetSky)
- Hungary (Zafi)
- Turkey and Morocco (Bozori)
- Netherlands (Agobot and Codbot)
- Eastern Asia (Slammer)
- Germany (Sober)
According to research, China currently leads the relay in mobile virus development, followed by Brazil and a notable portion of the current viruses are even created in Turkey, with which the countries of the former USSR can be compared best to right now regarding virus production.
For the majority of the 31 families we can determine the country of origin quite easily. Remember that Cabir was created by the Frenchman Vallez? When this virus got into the computer underground, pretty fast more and more modifications followed. The inhabitants of the countries of Southeast Asia: The Philippines, Indonesia, Malaysia and China proved to be the most active in producing modifications, but also the Brazilian Valesco created some Cabir modifications, while writing the virus Lasco.
The former USSR has come up with four copies or mobile viruses, but three of them have been conceptual viruses, meaning the first of their kind. The first backdoor program for WinCE, which received the name Brador, was provided by a programmer from the Ukraine, famous by the nick name BrokenSword. The worm ComWar’s origin is Russian, too as testified by texts contained in the virus and available information about the author e10d0r. The third is the Trojan RedBrowser, whose creator is unknown, but the texts in the Trojan as well as the telephone numbers that send the SMS clearly prove its Russian origin.
The Trojan Lockhut was discovered for the first time by the anti-virus company SimWorks of New Zealand. The conclusion that it is of Russian origin was drawn due to the unpleasant texts in the Trojan and the file name.
As we already mentioned, ComWar modifications contain a number of Spanish texts, so we could assume that it originates from Spain. But we do not have any further data or proof at present, which can affirm this. From Turkey come some modifications of Skuller and Cardtrap, as well as the only well-known Trojan of the family Arifat.
The predominant majority of the mobile threats are coming without doubt from China, possibly some from South Korea, too. Here we cannot make an exact statement, since most of the mobile Trojans discovered in the past years were just sent to South Korean anti-virus enterprises. According to Gostev’s detections, the viruses have been placed on hacked Korean servers, accomplished by hackers from China. It seems that PbStealer and StealWar as well as some Trojan modifications come from China, too. In addition, he mentioned the increasing activity of a virus writer from Malaysia. It’s believed that the Malaysian developed most Skuller modifications, if not even the original Skuller.
But what do these facts tell us? They prove that mobile viruses develop following the same laws as computer viruses. And for both areas, the viruses are created in the same countries.
By Daniela La Marca