Chinese Hackers Waking up to Malware 65
An anonymous reader writes "An increase in malware originating from China has not gone unnoticed by security researchers, according to the site ITWeek. The aggravating software has been increasing over the last three months, to the point where some unlucky persons may be getting some every day. Individuals interviewed for the article are seeing an increasing sophistication and independent use of rootkits, new to the Chinese malware scene. 'China has traditionally been a hotbed of password stealers who go after log-in names and passwords for online games such as World of Warcraft. The criminals are after virtual currencies and goods which can be sold on auction websites.' These new types of software are actually encrypted, and can prove hard to dismantle."
Re:Catching up? (Score:3, Informative)
That's still local. (Score:4, Informative)
There was a cracked machine sitting inside your firewall and broadcasting on your internal network.
How it was cracked is the first issue.
Using it as a proxy is just weird. It would be more efficient and effective to use it to scan other machines to see if they're vulnerable and to run attacks on your administrator passwords.
Better yet, upload the BIOS info and see if a rootkit can be installed on the motherboard.
It is a strange attack because it doesn't match any of the standard reasons for attacking.
#1. Bandwidth - this for for spam and DDoS attacks.
1a. Crack one machine and upload the address book and anything that appears to be an email address so infected emails can be sent to those addresses.
1b. Crack one machine and scan that range to see if any other machines are vulnerable.
#2. Information - compromise one machine / router / whatever and use that to attack important internal machines via worms or password attacks.
The attack you describe is just
And they wouldn't get any more bandwidth from the attack (case #1) nor would they get information that wasn't more easily available (and less noticeable) via other routes (case #2).
One Child Law... (Score:4, Informative)
I mostly agree with what you had to say. The part about the one child law is not that accurate however, so I wanted to comment on it.
This hasn't really been in effect for as long as you think. My girlfriend and I are both 20, and her parents were both born well before the one child law. So probably the very first people born under this law have started to have children. I was also told by her family (not sure if this is 100% accurate) that the law works every other generation. So if you were a single child, you can have two children -- and they can have a single child, and their children can have two children, and so forth. In addition to all of this, it is worth mentioning that the population of China is still (slowly) growing, which indicates that the one child law isn't as strictly enforced as you might think.
With respect to the rest of what you said, I agree with a lot of it. External influences dictate a huge amount of the national policy in the country. To even keep up the pace of growth that they have been sustaining for as long as they have shows that they are hugely more aware of international and economic policy than many people give them credit for. At the end of the day, China will do what it needs to do to keep their economy strong and safe.
Re:SOP (Score:2, Informative)
China:
http://blackholes.us/zones/countries/cn.txt [blackholes.us]
Russia:
http://blackholes.us/zones/countries/ru.txt [blackholes.us]
For iptables:
#wget http://blackholes.us/zones/countries/cn.txt [blackholes.us]
#wget http://blackholes.us/zones/countries/ru.txt [blackholes.us]
#for IPRANGE in `cat cn.txt | awk '{print $2}'`; do iptables -I INPUT -s $IPRANGE -j DROP; done
#for IPRANGE in `cat ru.txt | awk '{print $2}'`; do iptables -I INPUT -s $IPRANGE -j DROP; done