Dec 17 2007

Chinese Hackers Just Making US Look Bad

Published by at 6:46 pm under Chinese Malware

Well, 2008 is supposed to be the year of the Chinese hacker…wasn’t 2004 also their year? Anyway, to keep up this winning streak, they have also made it to the top of the list of countries hosting malware.

[Image: maltop20.JPG]

Even though this is a bit old, from Oct of this year, I thought it was interesting.

So where does all this malware come from? In order to answer that question, it’s necessary to take a look at the solutions used by cyber criminals to host malware.

Malware hosted on the Internet can be present through a range of ways. It can be found on compromised home machines, which are infected with bots running tiny HTTP servers that become distribution points. Or it can be present on the hacked websites of ISPs. A very popular choice is companies that give away small amounts of free web space for users to build their own homepage. Such samples include www.pochta.ru, www.googlepages.com, www.100freemb.com, www.dump.ru or www.home.ro.

There have also been cases where stolen credit cards were used to purchase a domain name and a hosting package from a legitimate ISP; these were then used to distribute malware.

Continue reading Top 20 Countries Hosting Malware…

2 Responses to “Chinese Hackers Just Making US Look Bad”

  1. jumper on 30 Dec 2007 at 10:55 am

    One interesting problem with surveys of malware and spam sources is that they only seem to collect spam, malware and phishing emails that are intended for English speakers. I wonder what the stats would look like if they factored in all of the malware that was intended for Chinese people? I know there are a lot of password stealing trojans and QQ exploits out there that don’t really make news in the west.

  2. Heike on 30 Dec 2007 at 4:57 pm

    Jumper,

    I think you are absolutely right and as you are well aware, this is big business for these guys. Can’t remember a day when a new trojan has been up for sale on one of the sites. It is getting even harder to track now with all of the individual hacker blogs opening up. They used to only appear on the major hacker sites but now I’ve started to see individuals offering various malware for sale.