Cybercrime, like every digital industry, is outsourcing. Though the U.S. still produces more malware, spam and viruses than any other country in the world, illicit IT jobs are increasingly scattered across an anarchic and international Internet, where labor is cheap, legitimate IT jobs are scarce and scammers are insulated by thousands of miles from the laws that protect their victims. As Thomas Friedman might say, the criminal underworld is flat.
According to a Symantec report at the end of 2006, Beijing is now home to the world’s largest collection of malware-infected computers, nearly 5% of the world’s total. Research by the security company Sophos in April showed that China has overtaken the U.S. in hosting Web pages that secretly install malicious programs on computers to steal private information or send spam e-mails. And another report from Sophos earlier that month showed that Europe produces more spam than any other continent; one Polish Internet service provider alone produces fully 5% of the world’s spam.
Cybercrime this geographically diverse isn’t just hard to stop; it’s hard to track. Common tactics like phishing and spam are usually achieved with “botnets,” herds of PCs hijacked with malware unbeknownst to their owners. Botnet attacks can usually be traced only to the zombie computers, not to their original source. That means the majority of studies mapping botnet attacks point to every place in the world that has vulnerable PCs, with no real sense of where the attacks begin.
Researchers at Sophos Labs say they have a solution: They can roughly identify the host country of malicious software by tracing the default language of the computer on which it was programmed. According to their analysis of the default language linked with about 19,000 samples at the end of last year, Americans and other non-British English speakers still produce the most malware, more than a third of the world’s total. Close behind is China, producing 30%, followed by Brazil, with 14.2%. Russia places fourth with 4.1% of the world’s malware.