Symantec Global Internet Security Threat Report
Brazil’s rise as a source of malicious activity to third place in 2009 was mainly due to a significant increase in its ranking for malicious code, for which it rose to fifth in 2009 from 16th in 2008. One possible reason for the large increase in malicious code ranking for Brazil was the Downadup (a.k.a., Conficker) worm.39 This worm drew a lot of attention in late 2008 and early 2009 by infecting a large number of computers worldwide. Brazil was one of the most affected countries, ranking fourth for countries by number of Downadup infections. One explanation for the success of Downadup in Brazil is that it is able to specifically target certain regions based on the identification of the language setting of the computer, one of which was “Portuguese (Brazilian).”40
In addition, Brazil ranked third globally for potential infections by viruses and fourth for potential infections by worms. These rankings represent large increases from previous reporting periods. Brazil has been a major source of successful malicious code that steals banking information, and some very successful malicious code that has originated from Brazil remains active.41 For example, the Bancos Trojan was first discovered there in 2003 and was still one of the top 50 malicious code samples for potential infections in 2009, mainly due to the continuous release of new variants.42
The growing level of malicious code activity affecting Brazil has resulted in the proposal of a new cybercrime bill in the country.43 The initiative may also be a result of a number of high-profile cyber attacks there in recent years.44 One of the attacks resulted in a massive power grid blackout, while another resulted in the exposure of valuable data and a $350,000 ransom request after a government website was compromised, which also resulted in over 3,000 employees being unable to access the site for 24 hours.
In previous reports, Symantec has observed and discussed indications that countries such as Brazil, Turkey, Poland, India, and Russia would continue to increase their overall share of malicious activity because of their rapidly growing broadband populations and expanding Internet infrastructures.45 This trend has continued and, with the exception of Turkey ranking 12th, these countries now all rank in the top 10 for malicious activity. Even though it dropped in ranking, and despite increases in the malicious code and phishing hosts categories, Turkey’s decrease is attributed mostly to larger increases in overall malicious activity in Russia, India, and Poland. These countries may continue to account for larger percentages within specific categories because their relatively new and growing Internet infrastructures could be exposed to increasing levels of malicious activity until security protocols and measures mature enough to counter these activities. The United States and China account for large enough percentages within specific category measurements that they will likely continue to outrank other countries for overall malicious activity unless there are fundamental changes to Internet usage governance and infrastructure.
There need to be continued coordinated efforts among law enforcement to address malicious activity occurring globally. This is especially critical in the absence of an agreed-upon international framework for combating cybercrime.
Finally, it is worth noting that malicious activity in countries where the overall percentage dropped, such as the United Kingdom and Germany, was relatively consistent with previous years. The reduced percentages for these countries in 2009 are primarily the result of the increased activity in emergent countries such as Brazil and India.
39 See http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_downadup_codex_ed1.pdf and http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99
40 http://www.symantec.com/connect/sites/default/files/the_downadup_codex_ed1_0.pdf : p. 16
41 http://www.symantec.com/connect/blogs/brazilian-msn-worm-looks-familiar
42 http://www.symantec.com/security_response/writeup.jsp?docid=2003-071710-2826-99
43 http://www.eff.org/deeplinks/2009/07/lula-and-cybercrime
44 http://www.foreignpolicyjournal.com/2009/11/15/brazils-next-battlefield-cyberspace/
45 http://www.point-topic.com