Why Malware Attacks Increase During Bad Weather

A colleague sent me an article claiming that the last Blizzard of the Millennium (Juno) was, for some reason, responsible for an increase in hacking in cities which were more or less shut down. The initial explanation for this was that a lot of snowbound workers had too much spare time on their hands and visited more malware infected porn sites than usual. That may account for some of the increase, but why was New York’s infection rate 93% above normal while Boston’s was only 41% above normal? Something didn’t seem quite right about this explanation.

A lot of articles online make a big fuss over the fact that Utah has more adult site subscriptions per thousand residents than any other state. However, if you read the original Harvard study on this, you’ll see that these articles don’t tell the full story. They just repeated previous stories. The actual conclusion of the researchers was:

“On the whole, these adult entertainment subscription patterns show a remarkable consistency: all but eleven states have between two and three subscribers to this service per thousand broadband households, and all but four have between 1.5 and 3.5. With interest in online adult entertainment relatively constant across regions, there’s little sign of a major divide.”

So apparently, we don’t need to use grizzly bear tranquilizer darts to calm down the sex-crazed New Yorkers.

Yet, if this explanation is ruled out, what can explain this increase? It could be that Bostonians are more cybersecurity savvy than New Yorkers, but this doesn’t seem likely. You may think that regions with an older demographic may be hacked more since older people may not be aware of security issues. Then again, you may think that areas with a younger demographic would be hacked more because younger people are online more. I checked out both of these theories and there appears to be little relationship either way. No, some other explanation must exist, and I cannot help but think that it may be connected with the puzzle of why residents in some cities are hacked so much more than in others.

Let’s think about this within the framework of what was supposed to be History’s Greatest Blizzard. If such a storm was coming, what sort of websites would you visit? What apps would you download? Wouldn’t it make sense that you would want to keep a close eye on the weather? Wouldn’t you like an app that can give you the latest updates? Yes, probably, but what is the connection to being hacked?

Well, before we can explore this question any further, we need to analyze the title of the article, which was “Hacked Because of Weather”. First of all, I had to determine what the writer meant by ‘hacked’. The term is often tossed about casually to explain any computer problem resulting from an unknown or known source. To define hacking in the context of this article, I visited the site the article based its information on, Enigma Software. Enigma Software is a company that makes malware detection and removal software. For this reason, we must assume that it is in Enigma’s best interest to find and publicize as many malware problems as possible. In fact, in the past, it has been accused of giving out its Spyhunter program for free scanning and then asking for payment to remove the malware it found. Once installed, the malware removal tool itself was almost impossible to remove, since it shipped without an uninstaller. Enigma now claims to be working on this. In any event, Enigma claims that their software will protect users from “computer threats including viruses, adware, trojans, rogue anti-spyware programs and other malware.” Notice that adware is included in these ‘hacking threats’. Also included are programs that may change your browser settings, give you unwanted toolbars, or give you unwanted programs. Thus, if we could find weather apps or programs that would give us the latest weather data but that also included some kind of adware, we could consider ourselves ‘hacked’. As it turns out, there are hundreds, if not thousands, of such programs.

Let’s look at a couple. If I’m in an impending severe weather situation, I might be tempted to download an app or program called Severe Weather Alert. Although the program will give you some weather information, it will also transform your browser settings. Your homepage may be replaced, your default search engine can be changed, or opening a new tab will automatically lead you to some site you don’t want to visit. Such adware is used to propagate click fraud. The adware is either bundled in with the Severe Weather Alert package, or the Severe Weather Alert program may be bundled into some other software’s package. Choosing Typical/Quick installation over Custom/Advanced installation will automatically install these unwanted programs on your computer. According to the website PC Risk, “Severe Weather Alerts continually monitors users’ Internet browsing activity by collecting various software and hardware information including Internet Protocol (IP) addresses, unique identifier numbers, browser types, cookies, website URLs visited, pages viewed, and other similar details likely to be personally identifiable.” They continue, “these browser plug-ins are useless to the user – their purpose is to generate income by the display of intrusive online advertisements and redirecting users to other websites” and “may lead to serious privacy issues or identity theft, and therefore, you are strongly advised to eliminate this adware from your computers.” The same can be said of many of these programs or apps. These programs can be unusually persistent and difficult to remove.
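The browser-setting changes described above (replaced homepage, swapped default search engine, redirected new tab) are exactly the kind of drift a help desk can detect by comparing a profile against a known-good baseline. The script below is an added example, not code from the post or from any product it mentions. It parses the `user_pref(...)` lines of a Firefox prefs.js file (the pref names `browser.startup.homepage`, `browser.newtabpage.enabled` and the legacy `browser.search.defaultenginename` are real Firefox preference keys); the sample file contents, the baseline values and the `.test` hostname are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample of a prefs.js after a bundled weather toolbar has rewritten
# the homepage, disabled the standard new-tab page and swapped the search engine.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "http://search.example-weather-toolbar.test/?src=swa");
user_pref("browser.newtabpage.enabled", false);
user_pref("browser.search.defaultenginename", "Severe Weather Search");
user_pref("keyword.enabled", true);
user_pref("browser.startup.page", 1);
'''

# Hypothetical organisational baseline: the values these prefs are expected to hold.
BASELINE = {
    "browser.startup.homepage": "about:home",
    "browser.newtabpage.enabled": True,
    "browser.search.defaultenginename": "DuckDuckGo",
}

# One user_pref("name", value); line. Value is a quoted string, true/false or an int.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: value} with strings, booleans and ints typed sensibly."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[key] = value
    return prefs


def find_hijacked(prefs, baseline=BASELINE):
    """Return {pref: (actual, expected)} for every baseline pref that has drifted."""
    return {
        key: (prefs[key], expected)
        for key, expected in baseline.items()
        if key in prefs and prefs[key] != expected
    }


def suspicious_hosts(findings):
    """Collect the hostnames of any URL-valued drifted prefs, for analyst triage."""
    hosts = set()
    for actual, _expected in findings.values():
        if isinstance(actual, str) and actual.startswith(("http://", "https://")):
            hosts.add(urlparse(actual).hostname)
    return hosts


if __name__ == "__main__":
    findings = find_hijacked(parse_prefs(SAMPLE_PREFS))
    for pref, (actual, expected) in findings.items():
        print(f"{pref}: got {actual!r}, expected {expected!r}")
    print("hosts to review:", sorted(suspicious_hosts(findings)))
```

Point the parser at a real profile’s prefs.js and any pref that differs from the baseline is a candidate for the bundled-adware removal the PC Risk quote recommends; the hostnames it extracts are what you would check against your web proxy logs to see which other machines are already talking to the same redirect site.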

Many Americans, wary of such software, may turn to the trusted Weather Channel App for valid, up-to-date weather data. Unfortunately, there is a fake Weather Channel App (Weather Channel VDO) that uses a look-alike logo and can install computer busting Trojans. It now seems to have been removed from Google Play and Download.com, but it’s still out there on other sites like APK Download.

Luckily, there is a real Weather Channel App (aka Desktop Weather App). Sadly, it is also classified as malware. It seems, “The Weather Channel App and such third parties (parties connected to it) may on occasion combine information about you with information obtained from other parties to market to you products or services.” Maybe the real and fake Weather Channel apps aren’t all that different, but can you tell which logo is the real one?

The Weather Channel claimed its viewership increased by 160% during the blizzard and you can be sure that its app showed a similar increase in downloads. (By the way, the second logo is the real one.) In any case, I believe I’ve made a case for weather apps being a source of problems that some would report as “being hacked”. However, it still fails to answer the basic question, which is, why was New York hacked more than Boston, especially when Boston was gearing up to get the brunt of the storm?

I can only attribute this to what I would call the Chicken Little Factor; in other words, the Hype Factor. In no place was the potential severity of this snowstorm hyped more than in New York. Schools were closed, businesses and government offices were locked down, and transportation was shut down even before one flake of snow descended on Manhattan. Even when nothing much seemed to be developing, the mayor advised people not to be lulled into a false sense of security. It was a case of style over substance: Good marketing on the meteorological level. No doubt Boston also achieved its degree of marketing, after all, hacking did go up 41%, but it just might not have had the publicity that the New York hype had and, besides, Bostonians may just be a little more used to big snowstorms and may not have been so gullible.

If all of this is true, then, perhaps, it can go some way towards explaining why some cities are more hacked than others. First of all, keep in mind that malware designers are opportunists. For example, after any major natural disaster, false charities will spring up asking for money to help the victims, either through emails or apps. Severe weather apps are no different. More of them may appear at the same time predictions of upcoming severe conditions appear. If this is the case, cities that are more often in the path of severe weather events such as hurricanes, tornadoes, severe thunderstorms, blizzards, or floods should experience more weather-app-based hacks. But keep in mind that the formula is: Severity of Impending Weather Event (ES) + Hype (H) = % Increase in Hacks (I). We can, thus, suppose that cities in hurricane prone areas (Florida, the Gulf Coast), tornado/thunderstorm prone areas (Texas to the South and Midwest), and blizzard prone areas (the Rockies, the North Central states to the Northeast) would show more hacks than cities that generally receive little in the way of severe weather, such as Southern California. So here is the list of the top 20 most hacked cities in the US, again, from Enigma Software.

City              % above national average   Top-10 severe weather rankings
Tampa             561.81%                    TS R H T
Orlando           386.91%                    TS R H T
St. Louis         369.37%                    TS T
Atlanta           359.42%                    T R TS H
Salt Lake City    306.65%                    S TS
Denver            293.11%                    T S TS
Newark            260.85%
Madison, WI       225.17%
Cleveland         215.61%                    S TS
Little Rock       215.61%                    T
Cincinnati        182%                       TS
Washington, DC    169.56%                    TS
Miami             160.38%                    R H
Pittsburgh        135.49%                    S TS
Irvine            112.07%
Richmond, VA      111.91%
Raleigh, NC       110.93%                    R TS H
Minneapolis       106.04%                    S TS
Seattle           86.05%
Greensboro, NC    76.02%                     H

The letters following each percentage show that the city ranked in the top 10 for particular severe weather events (T = tornado, TS = thunderstorm, S = snow, R = days of heavy rain, H = hurricanes). Although not an exhaustive scientific investigation, there does seem to be, at least on the surface, some correlation between cities with severe weather events and the amount of malware infections (hacking) reported (many of these rankings came from the Current Results website). There are many questions raised by these statistics. First of all, how reliable are the rankings from the Enigma website? Why aren’t some Texas cities on the list, since Texas ranks high in thunderstorms, tornadoes, and, in some places, even hurricanes? The same questions could be asked about New Orleans or Oklahoma City. On the other hand, we did not see any cities that have few encounters with severe weather (Southern California, the Southwest) on the most hacked city list. Thus, this at least gives us an idea that a relation between weather events, weather apps, and malware infection is a possibility.
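The “some correlation on the surface” claim above, and the formula Severity (ES) + Hype (H) = % Increase (I) from a few paragraphs earlier, can be checked against the post’s own table rather than eyeballed. The script below is an added example, not part of the original post. It transcribes the 20 rows of the table as data, compares the average infection rate of cities with no top-10 severe-weather ranking against those with at least one, computes a Pearson correlation between the number of rankings a city holds and its infection rate, and then reads the formula as a straight line: fit I against the ranking count by least squares (the ES part) and treat each city’s residual as a proxy for H. The least-squares reading and the use of “number of top-10 rankings” as the severity measure are this example’s assumptions, not the author’s method.

```python
# Constructed from the post's table: (city, % above national average,
# severe-weather categories in which the city ranks top-10).
CITIES = [
    ("Tampa", 561.81, "TS R H T"),
    ("Orlando", 386.91, "TS R H T"),
    ("St. Louis", 369.37, "TS T"),
    ("Atlanta", 359.42, "T R TS H"),
    ("Salt Lake City", 306.65, "S TS"),
    ("Denver", 293.11, "T S TS"),
    ("Newark", 260.85, ""),
    ("Madison, WI", 225.17, ""),
    ("Cleveland", 215.61, "S TS"),
    ("Little Rock", 215.61, "T"),
    ("Cincinnati", 182.00, "TS"),
    ("Washington, DC", 169.56, "TS"),
    ("Miami", 160.38, "R H"),
    ("Pittsburgh", 135.49, "S TS"),
    ("Irvine", 112.07, ""),
    ("Richmond, VA", 111.91, ""),
    ("Raleigh, NC", 110.93, "R TS H"),
    ("Minneapolis", 106.04, "S TS"),
    ("Seattle", 86.05, ""),
    ("Greensboro, NC", 76.02, "H"),
]


def category_count(codes):
    """Number of top-10 severe-weather rankings a city holds (0 to 5)."""
    return len(codes.split())


def mean(xs):
    return sum(xs) / len(xs)


def group_means(rows=CITIES):
    """(mean % for cities with no ranking, mean % for cities with at least one)."""
    none = [pct for _, pct, codes in rows if category_count(codes) == 0]
    some = [pct for _, pct, codes in rows if category_count(codes) > 0]
    return round(mean(none), 2), round(mean(some), 2)


def pearson(xs, ys):
    """Plain Pearson correlation coefficient, no third-party dependencies."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5


def correlation(rows=CITIES):
    """Correlation between ranking count (severity proxy) and infection rate."""
    return pearson([category_count(c) for _, _, c in rows],
                   [pct for _, pct, _ in rows])


def hype_proxy(rows=CITIES):
    """Read I = ES + H as a line: ES is the least-squares fit of I on the
    ranking count, H is each city's residual above or below that line.
    (Least-squares interpretation is this example's assumption.)"""
    xs = [category_count(c) for _, _, c in rows]
    ys = [pct for _, pct, _ in rows]
    mx, my = mean(xs), mean(ys)
    slope = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
             / sum((x - mx) ** 2 for x in xs))
    intercept = my - slope * mx
    return {name: round(pct - (intercept + slope * category_count(c)), 2)
            for name, pct, c in rows}


if __name__ == "__main__":
    print("mean % (no ranking, >=1 ranking):", group_means())
    print("Pearson r:", round(correlation(), 3))
    for city, h in sorted(hype_proxy().items(), key=lambda kv: -kv[1])[:5]:
        print(f"{city}: hype proxy {h:+.1f}")
```

With only 20 hand-picked rows and a crude severity measure this is a sanity check, not a study; what it does show is that the direction of the effect the author sees is real in the table (the no-ranking group averages lower) and it turns the “pockets of above average hype” idea into a number you can argue about instead of a list chosen by eye.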

News broadcasting is a business and weather is a product that it can sell. When severe weather comes, all the residents in an area are affected, making them all potential customers. If one network or broadcaster can out-market another for viewers, it can lead to financial benefits in the form of businesses willing to pay more for advertising. In such a climate, weather will always be hyped, although it seems easier to do so when you have more products, such as a selection of severe weather events, to sell. Those cities on the chart which rate high in hacking but low in severe weather events, therefore, may indicate pockets of above average hype. Thus, I would speculate that the 5 most hyped cities are Newark, Madison, St. Louis, Salt Lake City, and Cleveland. John Zaller, in his paper “Market Competition and News Quality”, claims that, as competition in a news market increases, the quality of news decreases. He further states that “pressures to abandon journalistic values in pursuit of larger audience share would be greater in bigger markets”. And that brings us back to New York, the biggest TV market in the US. With hype already built into the news landscape due to competition, the words of the mayor only helped to create a ‘hype superstorm’. The result was a surge of interest in the impending weather disaster, which led to a surge of interest in weather apps and programs, which led to an eventual surge in hacked devices. At least, this explanation cannot be easily discounted.


Malware-Bearing Apps can Bring Down Your Company

Bad apps are not a small problem. If an employee has an infected app on their mobile device, then you have malware on your network, no matter how well you think your network is protected by data isolation software. The problem is that every kind of data separation software (containerization, sandboxes, cloud, VMs) has been breached. The solution is simple. Don’t use software. Keep employee mobile devices hardware-separated from your important data. Get the architecture that makes one mobile device into two virtual devices and keeps any app-based malware away from your important data. Check out InZero’s Workplay architecture and stop worrying about irresponsible employee online behavior.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.

2 Responses to Why Malware Attacks Increase During Bad Weather

  1. David M Lewis says:

    Another malware-laden app is the third-party “flashlight app,” something one might want to install if bad weather threatened to put everyone in the dark.
