Home / Blogs

Brazil: The Newest Up and Comer

Terry Zink

The Virus Bulletin Conference last month had some good presentations, including this one by Fabio Assolini of Kaspersky. He spoke about how Brazil is the the newest up-and-comer on the cyber crime block.

The tale begins with the story of Igor and Emily, two cyber criminals operating out of Brazil. Together, the two of them stole $300,000 US from a single Brazilian bank in one year. They hopped around from city to city, never staying in one place too long. They lived the good life by charging it all on stolen credit cards. The thing of it is, they were caught by the police three times… and released three times. For you see, in Brazil, there is no specific law that criminalizes their offences.

How big of a problem is Brazilian cyber crime? Well, consider the following:

  • 36% of trojans that targeted banks that circulated worldwide originated in Brazil.
  • 95% of all malware made in Brazil are trojan bankers.
  • In 2010, $900 million was stolen from Brazilian banks, and in the first half of 2011, $685 million was stolen.

Malware created in Brazil is different than malware in other parts of the world. Brazilian spam does not use malicious pdfs, nor are they created from kits like Zeus or Spyeye. They are all created locally and are designed to target Brazilian users.

How do they do this? If you are a user and you click the link or open the attachment or whatever, and you are inside Brazil, the phishing page loads, or the file is downloaded. However, if you are outside of Brazil, you get a 404 http error, or a picture of girls in bikinis. The authors of the malware are only interested in targeting people inside Brazil. This resembles APTs in that the attacks are customized, but different than APTs in that the profit motive is clear.

Brazilian malware bypasses antimalware software with creativity. They obfuscate scripts, use command-and-control centers using malicious Twitter users, and use 64-bit rootkits.

They are also prone to spear phishing attacks. One time, they exploited a flaw in the Brazilian Ministry of Labor's website and accessed all of the data they had. They then proceeded to craft phishing messages using people's actual data — their mother's name, father's name, social security number, and so forth. Clearly, Brazilian phishers mean business.

Why do they get away with this?

  1. It's like I said in the opening paragraph, in Brazil, there is no specific law that outlaws what these people are doing. It's not illegal to have malware source code on your machine, it's not considered a crime.
  2. Just like any other place in the world, having good (expensive) lawyers can get you off even if you are charged with a crime. Due to the money that some of these guys have, they can afford the legal fees.
  3. Even if you are convicted of a crime, sentencing is light. For citizens, prison sentences are only two years.
  4. Finally, the law that is applied when fighting cybercrime was approved in the 1940's. This leaves a very gray area for people to operate.

I've known for a long time that Brazilian spam is a problem, but I didn't realize how they narrowly target their audience. This is in contrast to eastern European spammers who go after people outside of their country.

By Terry Zink, Program Manager. More blog posts from Terry Zink can also be read here.

Related topics: Cybercrime, Law, Malware, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Brazil has had a fairly long track record with banking trojans Suresh Ramasubramanian  –  Nov 23, 2011 6:43 PM PDT

Not to mention some extremely overactive and persistent spammers, but that's another can of worms entirely.

I am not sure why they qualify as the "newest" up and comer.  I remember brazilian banking trojans since at least the early 2000s if not earlier.

They aren't new even to Kaspersky Lab, which came out with a rather detailed article on brazilian banking trojans in 2009 - and even that article called Brazil a "world leader" in banking trojans.

http://www.securelist.com/en/analysis/204792084/Brazil_a_country_rich_in_banking_Trojans

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

US Court Grants DCA Trust's Motion for Preliminary Injunction on .Africa gTLD

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Afilias

DNS Security

Sponsored by
Afilias
Port25

Email

Sponsored by
Port25
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services