CircleID

It's where you advertise your services, and how you position yourself that speak for your intentions, of course, "between the lines". There's a common misunderstanding that in order for a malware campaigner or scammer to launch a localized attack, they need to speak the local language. This misconception is largely based on the fact that a huge number of people remain unaware on how core strategic business practices have been in operation across the cybercrime underground for the last couple of years.

Outsourcing the localization process (translation services for spam/phishing/malware campaigns) has been happening for a while, courtesy of DIY (do-it-yourself) services ensuring complete anonymity of their customers. Interestingly, the translators may in fact be unaware that the advertising channel the service is using is directly attracting everyone from the bottom to the top of the cybercriminal food chain. Sometimes, it's services like these that open a new market segment covering an untapped opportunity (the following service makes a point that it charges less than their competitors):

"We offer our services in translation. We are only competent translators profile higher education. Service is working with all types of texts. Languages available at this time of Russian, English, German. Average translation of the text takes up to 10 hours (usually much faster) through the full automation of the order and payment. Just want to note that we do not keep any logs on IP and does not require registration. In addition you can remove your order from the database after his execution. In addition to running more than 1000 translations already, we can use all the lessons learned to be more effective in our services. Prices vary depending on the complexity of the topic covered.

Prices and deadlines:
* Standard - the deadline is not more than 24 hours. Prices depend on the direction and guidance from the 'Order'.
* Term - work on your translation begins precedence. The price of the 50% more than the standard translation. Prices also depend on the direction and guidance from the 'Order'.

The cost of the transfer depends on the amount of work. The workload is measured in symbols. In calculating the characters are shown letters and numbers. Punctuation do not count. Minimum order 100 characters."

I'm particularly curious how a contractor (translator) would react to a situation where a large scale malware campaign in several different languages, tells a fake story that the contractor might have recently translated for them. While services position themselves as legitimate companies and their customers, the "usual suspects", request localized versions of text for spam/phishing/malware campaigns, and the contractors will continue to allow cybercriminals the opportunity to build more authenticity within their campaigns.

By Dancho Danchev, Independent Security Consultant. Visit the blog maintained by Dancho Danchev here.

Related topics: Cybercrime, Malware, Security