I was just thinking about China and malware..

[JohnC]

I know it is terrible the amount of malware that comes from china. But I think we should be thankful that such a large amount is for stealing game passwords rather than financial information. Maybe this is the wrong way to look at things, but seems logical to me. Your thoughts?

[sowhat-x]

...i've also thought of this,and pretty much share the same mixed feelings...
I'm thinking though that this might not actually turn-up so well,
in a not-so-distant future perspective...
assuming it's mostly teenagers/script-kiddies that are playing games anyway...

...It's a matter of how you get to become a grown up person after all:
if from an earlier age,you're already used in stealing other people's data,
not respecting their privacy etc...then what would hold them a couple of years later,
when they'll be in the need of actually earning their daily living,
from using pretty much the same methods,say for stealing bank accounts etc...?

Maybe this conclusion above is a bit rushed...
to be honest,I can't avoid comparing with my teenage years,
although I can recognize this might not be really the way to go...
as lots of things have changed since,what I mean is...
when say 15-17 yrs old,no way we would even think of spending our day,
in front of a screen playing games..."all your streets are belong to us",lol... 
On occasion,as part of the general fun,
we would spend some money in coin-up machines,and that was the end of it...
after all,not every house out there had a Windows-based pc lurking around,
this certainly was not the case,as it happens nowadays...
At least this is how things were in the small country that I live,
I don't think though there would be an actually huge difference,
with the rest of Western countries...
More over,most of today's teenagers seem to know one way or another,
how to code/mod a basic trojan...knowledge always comes at a cost...
a pretty good proof of this fact,
is the number of skiddie forums that pop-up around the net...

One more thought that comes to mind also,
is that the days of the hardcore vx scene/coders,
seem to be somehow moving to history...maybe it's temporarily,maybe not...
but at least according to the statistics,
malware authors nowadays seem to be way more motivated by money,
than say "glory",personal fame etc...

[JohnC]

It is a scary thought that the password stealing generation of malware authors could evolve into banking trojan malware authors. I think though malware itself has become more sophisticated, I would say the majority is still quite basic. Probably due to the authors lack of ability to write something more complex. We're still seeing quite a heavy reliance on public compress/encryptors, to avoid detection and reverse engineering for the purposes of analysis. Of course there are more private ones now than there was a while back, and this number will continue to grow.

Whether it is just to save time and make things easier, or if they lack the ability to write there own encryptors/compressors I'm unaware. But it seems that most of the encryptors/compressors being used are not written by the same author of the malware it is used on. So there is a whole separate business just for the creation of these tools. With exploit packs available such as Mpack/Icepack, people need even less knowledge to take over computers. And a lot of groups that create trojans have little edit tools, which are easy to use. It isn't really too difficult, for somebody to get custom versions if they are willing to pay. Though in honesty, people with such a heavy reliance on others tools wouldn't get to far. At least not in comparison to the biggest threats right now such as Zlob and Storm, both of which are pretty much part of a large scale criminal enterprise.

One problem I see, is that, if somebody was to take the step from using someone elses tools to create their own. It wouldn't be such a huge step due to all the open source malware code available. You also have to wonder where freelance programmers come into all this.