The VB Conference last month had some good presentations, including this one by Fabio Assolini of Kaspersky. He spoke about how Brazil is the newest up-and-comer on the cyber crime block.
The tale begins with the story of Igor and Emily, two cyber criminals operating out of Brazil. Together, the two of them stole $300,000 US from a single Brazilian bank in one year. They hopped around from city to city, never staying in one place too long. They lived the good life by charging it all on stolen credit cards. The thing of it is, they were caught by the police three times… and released three times. For you see, in Brazil, there is no specific law that criminalizes their offences.
How big of a problem is Brazilian cyber crime? Well, consider the following:
Malware created in Brazil is different than malware in other parts of the world. Brazilian spam does not use malicious PDFs, nor is the malware created from kits like Zeus or SpyEye. It is all created locally and is designed to target Brazilian users.
How do they do this? If you are a user and you click the link or open the attachment or whatever, and you are inside Brazil, the phishing page loads, or the file is downloaded. However, if you are outside of Brazil, you get an HTTP 404 error, or a picture of girls in bikinis. The authors of the malware are only interested in targeting people inside Brazil. This resembles APTs in that the attacks are customized, but differs from APTs in that the profit motive is clear.
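A defender-side check for the geo-gating described above, as an added example that is not from the talk or the original post: it compares fetches of the same URL from vantage points inside and outside the targeted country and flags URLs that only serve their content in-country. The record layout, URLs and hashes are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Fetch(NamedTuple):
    url: str
    vantage: str      # ISO country code of the crawler's exit point
    status: int       # HTTP status code returned
    body_sha256: str  # hash of the response body ("" when there is none)


# Constructed sample crawl results (not real indicators).
SAMPLE = [
    Fetch("http://example.test/boleto", "BR", 200, "aaa1"),
    Fetch("http://example.test/boleto", "US", 404, ""),
    Fetch("http://example.test/boleto", "DE", 404, ""),
    Fetch("http://example.test/fotos", "BR", 200, "bbb2"),
    Fetch("http://example.test/fotos", "US", 200, "ccc3"),
    Fetch("http://example.test/news", "BR", 200, "ddd4"),
    Fetch("http://example.test/news", "US", 200, "ddd4"),
    Fetch("http://example.test/gone", "BR", 404, ""),
    Fetch("http://example.test/gone", "US", 404, ""),
]


def geo_cloaked(fetches, target="BR"):
    """Return {url: reason} for URLs whose in-country response differs
    from every out-of-country response."""
    by_url = defaultdict(lambda: {"in": [], "out": []})
    for f in fetches:
        by_url[f.url]["in" if f.vantage == target else "out"].append(f)
    findings = {}
    for url, group in by_url.items():
        inside = [f for f in group["in"] if f.status == 200]
        if not inside or not group["out"]:
            continue  # need a live in-country fetch and something to compare
        in_hashes = {f.body_sha256 for f in inside}
        ok_out = [f for f in group["out"] if f.status == 200]
        if not ok_out:
            findings[url] = "error outside target country"
        elif all(f.body_sha256 not in in_hashes for f in ok_out):
            findings[url] = "different content outside target country"
    return findings


if __name__ == "__main__":
    for url, reason in geo_cloaked(SAMPLE).items():
        print(url, "->", reason)
```

Findings are leads for analyst review, since legitimate sites also localize content by country and dynamic pages hash differently on every fetch.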
Brazilian malware bypasses antimalware software with creativity. Its authors obfuscate scripts, operate command-and-control centers through malicious Twitter users, and use 64-bit rootkits.
They also make use of spear phishing attacks. One time, they exploited a flaw in the Brazilian Ministry of Labor’s website and accessed all of the data it held. They then proceeded to craft phishing messages using people’s actual data – their mother’s name, father’s name, social security number, and so forth. Clearly, Brazilian phishers mean business.
Why do they get away with this?
I’ve known for a long time that Brazilian spam is a problem, but I didn’t realize how narrowly they target their audience. This is in contrast to Eastern European spammers who go after people outside of their country.
I learned yet another new thing that week at VB.