Developing World, Developing Problems

By Mark Sunner

Distance doesn’t separate a business in New York from a virus-compromised home computer in Beijing or Bangalore. The rise of an internet-using middle class in developing countries such as China and India has created fertile ground for viruses and botnets here in the West.

The problem for businesses in the US or anywhere in the developed world is that the more compromised computers there are on the Internet, the greater the torrent of malware and spam.

“There’s a sucker born every minute”

The famous expression from showman P.T. Barnum may come to mind for some when they hear about the victims of cyber crime, but a tech-savvy criminal element will always find clever new ways to prey upon a small percentage of Internet users.

Whether the problem is spam, viruses, phishing or botnets (a collection of software robots, or bots, that run autonomously and automatically), the real issue of “cyber crime” is economic. This type of crime is widespread because it’s lucrative for perpetrators who thrive on exploiting unprotected connections to the Internet. According to the Wired Blog Network, cyber crime is now a $105 billion industry.

A new frontier

For overseas businesses interested in the US market, the Internet provides an efficient medium for communications – limited and ineffective communications has stifled trade in the past.

Developing countries are now able to connect. In 2007, India’s economy grew 8.5% and China’s rose 11.4%. This economic power is matched by a growing number of Internet-connected computers and a growing middle class with broadband access at home.

Developing world broadband connections

Broadband statistics are growing at the same relentless pace as developing economies. According to research by Point-Topic.com, the number of broadband subscribers in China is approaching the number of subscribers in the US .

According to the OECD (Organisation for Economic and Co-Op Development), in June 2006 the total number of broadband subscribers in the US was about 56 million. As of December 2007, OECD reported that the total was about 70 million and the organization predicts that the total number of broadband subscribers in the U S will exceed 100 million by end of 2008.

It’s the number of broadband connections, not the number of computers or Internet users, that cause problems for our customers. Why? First, when a computer is permanently connected to the Internet, it’s easier to infect with a virus.

Second, an infected computer can join a botnet and start spamming other Internet users or sending out more viruses. To make matters worse, it can do it at high speed, 24 hours a day.

More broadband means more problems

When there’s increased broadband rollout in a region, viruses, botnets and spam follow. Our hypothesis is that users in developing countries may be new to the Internet and unaware of the risks they run when they go online. It’s likely that they’re not aware of the techniques they need to apply to protect themselves ­­­– and the users they connect with in the US .

Preliminary data from Skeptic (see fig 1) , MessageLabs predictive proprietary technology , show s that, of developing countries, India is a leading source of viruses, with China not far behind.

Fig 1: Sources of viruses across the world

India is also a major target for incoming viruses. Our most recent data puts India at the top of this category and it has remained in the top ten throughout 2007 and early 2008 (see fig 2).

Fig 2: Targets of viruses across the world

What makes these figures alarming is that they come from a relatively small number of internet-connected machines.

A lack of protection

When we publish data that shows that developing economies are the source of a lot of spam and viruses that we receive in the US, people become concerned about hacker activity. The bigger threat, however, is the rise of consumer IT and the lack of protection due to its early stage of adoption. As new fields appear on the Internet, there is an initial period when security is lax and viruses run wild.

he situation is similar to five years ago in the U.S. when broadband adoption became mainstream. The spam epidemic took a quantum leap starting in January 2003 with the advent of the So Big-A virus. So Big is of particular significance because it was the first virus dedicated to the sending of spam.

So Big’s success was totally dependent on the pervasiveness of broadband. The virus’s inception was perfectly timed and the entire botnet phenomenon started at this point.

We currently stand at the beginning of the same type of adoption, this time for fast-fixed links to the home. The big difference, however, is that these links have progressed significantly in terms of sophistication and proliferation, so today an unprotected PC is infinitely more vulnerable than it would have been five years ago.

The impact that the Asian portion of Storm Worm – the world’s largest and most sophisticated botnot (a collective mass of infected computers) – is having can now be measured (see fig 3). We currently estimate that approximately 7% of the spam emanating from Storm Worm comes from bots inside China, closely followed by India.

Fig 3: The growing swarm of infected bots coming from Asia

This map is an accurate geographic representation of Storm Worm. The red patches represent the density of infected computers per geographic region.