Feb 20, 2008
No big surprise here. The PRC-based company Huawei, which has alleged ties to the PLA, was preparing to partner with Bain Capital to buy a majority 16% stake in 3Com that would give them a board position. There was some concern that this deal would give Huawei access to TippingPoint, a 3Com subsidiary that makes IPS appliances used in the .gov and .mil space.
Feb 20, 2008
The Nautica clothing site in the Republic of China has been compromised by a malicious iframe that redirects to very well-known rogue anti-spyware pushers often associated with the Russian Business Network. If the site is searched on Google, the index listing indicates that “This site may harm your computer”.
So naturally, the first thing I do is check it out.
I was a little bit disappointed that all I found was an iframe redirect to meoryprof.info which 302’s to spywaresafe.net, which refused my connection. Initially I thought it was because I was using wget so I passed a valid-looking IE user-agent string to it and was still refused. Google’s cache only shows the text “sl0n” on the site. Not very effective malware, I guess. Most of these fake anti-spyware programs don’t use packers, debugger detection or any anti-RE techniques. I have about 40 or so different versions of this type of malware.
Feb 20, 2008

Reported a few days ago on Chinese hacker squeegee men and it seems like they are not very welcome in China. An unidentified technology security company in Shanghai was busted for their unique brand of marketing. A salesman would come calling and explain the horrors some online game companies experience through DDOS attack:

Oh, and did he forget to mention his company just happens to sell firewalls? Probably a good idea to purchase this magic firewall because if you don’t, well a couple of days later…you experience those horrors he tried to protect you against. Police decided to investigate and Manager Luo and Salesman Li were arrested. Turns out, they were in it for the money. Go figure.
One section I couldn’t figure out involved a scene talking about the Shanghai company and this website:

This is Chinahacker.com, a member of the Red Hacker Alliance, that I go to every now and then. Exactly why they are used in the video to show where you can download DDOS attack software is still not clear, but no worries, I checked on the site and it is still up and running. Recent posts as of today, which is their yesterday…damn, International Dateline!
Full video of the story:
Feb 19, 2008
I spent the weekend in DC at the Shmoocon hacker annual. It was a lot of fun and a great learning opportunity. Simple Nomad made an historical reference to a Chinese trojan that a lot of people probably aren’t aware of or don’t remember.
Feb 18, 2008

That was my original title for this article but it has changed; now I consider her the Keyser Soze (The Usual Suspects) of Chinese hackers. I have gone through so many websites trying to figure out her past and just who she is that it has become a blur. She is light, she is dark, she is mean, she is sweet, she is 26, she isn’t nearly that old…etc. It is as hard to get a handle on her as it is to figure out the correct spelling of Keyser Soze, if that is indeed how it is spelled. Anyway, I decided to just let you know what is not in contention and cut out all the other noise:
She was a member of the Six Golden Flowers until they broke up. The line underneath the picture at the top says:
“Don’t bring up the Six Golden Flowers with me again, I am developing on my own.”

Dark Angel’s Picture from The Six Golden Flowers
She goes by the names Dark Angel (黑暗天使) and Heihaitang (黑海棠). As always with Chinese hackers, the meat to bone comes with the current website they run. And, what she is doing now is using her reputation to sell hacker classes…just like every other Chinese hacker of any weight.
She offers 181 individual classes for about US $17 each (no deadline) and a year-long structured course of 14 classes at US $170 (internal programs are free of charge).
Feb 17, 2008
It is rare to find mention of the role women play in Chinese hacker society, so I was surprised to find a page dedicated to the “Six Golden Flowers.” The text written on the pictures gives a small history of their years in hacking but little else.





Digging a little further showed that in 2007, security media sources inside China named one of the members of the “Six Golden Flowers” as the most active and influential Chinese hacker in the country.
Another member of the group has received a great deal of press and even a video tribute…
Feb 16, 2008

Just found some very good background information about China and hacking the iPhone at Nanfeng Oranges.
One of the big problems with the iPhone is that it lacks a Chinese input method. But, hardworking Chinese hackers have addressed this problem with a little piece of software called iCosta. Problem solved.
Kunzilla at West/East also has a very nice article on the China iPhone Underground Chain.
In fact, there is a huge community which provides tech support for iPhone. Some of them are for their own profit, some are only to have fun, some of them are to establish their names within the community. To call these tech lovers, product forums or even hackers, the largest and the most efficient R&D center, is very suitable. And they are doing a far better job than the engineers at Apple.
Kunzilla gives a more detailed report on the Chinese input program iCosta here.
Feb 15, 2008
His words, not mine…
An insidious computer virus recently discovered on digital photo frames has been identified as a powerful new Trojan Horse from China that collects passwords for online games – and its designers might have larger targets in mind.
Further…
‘It is a nasty worm that has a great deal of intelligence,’ said Brian Grayek, who heads product development at Computer Associates, a security vendor that analyzed the Trojan Horse.
The authors of the new Trojan Horse are well-funded professionals whose malware has ‘specific designs to capture something and not leave traces,’ Grayek said. ‘This would be a nuclear bomb’ of malware.
Read more on the “nuclear bomb” of Chinese hacker malware…
UPDATE: Reader 回声 points out this is over a month old and provides a link to the Washington Post with a number to call in case people feel they might have gotten the bug.
“Best Buy urges any customers who feel they might be affected by this problem to call Insignia customer service at 1-877-467-4289.”
Feb 15, 2008
This post just wrote itself:

See those two characters at the top 黑客, Hacker. See that amazing specially balanced yo-yo underneath, nirvana.
You can pick yourself up one of these at Wanjubaba…
Feb 15, 2008
Gotta know the code if you want to understand the talk. I remember reading this article when it first came out at Chinasnippets and thought it was kinda cool. Of course, I am somewhat of a geek. Just like we have our own shorthand for typing on the computer and sending chat messages, so do the Chinese. With around 150 million Chinese online, you better start picking it up:
Internet slang:
“BT” (short for “Bian Tai”) means abnormal
“Qingwa” (frog) ugly boy
“GG” (short for “gege”) older brother
“JJ” (short for “jiejie”) older sister
“FT” (short for “faint”) faint
“GF” (short for “girl friend”) girl friend
“BF” (short for “boy friend”) boy friend
“Kao” expletive
“PF” (short for “pei fu”) admire
“PP” beautiful
“PLMM” beautiful girl
“TMD” (short for “ta ma de”) expletive his mother
“SB” (short for “Sha bi”) expletive
“SF” (short for “xi huan”) to like
“88” (pronunciation similar to “bye bye”) bye bye
“3Q” (pronunciation similar to “thank you”) thank you
“94” (short for “jiu shi”) that is
“42” yes
“PMP” (short for “pai ma pi”) to bootlick
“520” I love you
“NB” (short for niúbī) Bull’s dick - Somebody/something is super great
“5555” (Short for wǔwǔwǔwǔ) Sound of crying
An even more extensive list of Chinese chat codes is posted out at Yellowbridge.com:
The proliferation of pager, chat rooms, instant messaging, and phone text messaging has created a whole new set of acronyms and codes designed to minimize the amount of typing. First it was fairly simple acronyms like IMHO (“in my humble opinion”) or AFAIK (“as far as I know”). Telephone and pagers, lacking a full keyboard required more inventive approaches such as using 07734 for “hello” (read upside down) or “10” for “you are perfect” (as in a perfect 10). Modern communications technologies, especially the cell phones, are if anything, more popular in Asia than in the West. So what do the Chinese use for codes? The Chinese language, not being alphabetic, does not lend itself to the use of acronyms. However, a few acronyms based on pinyin spellings do exist. Examples include GG for older brother (哥哥, gege) or MM for younger sister (妹妹, meimei).

There are a lot more of these chat codes posted at J. Lau’s Yellowbridge…