Apr 08 2008
So not only is the PRC the largest victim of spyware, they seem to have a significant problem securing their .gov web servers too.
Some interesting Google searches you may want to try:
site:gov.cn intitle:"hacked by"
site:gov.cn "iframe src" width..0
So the first search yields 818 results. That search represents PRC .gov pages that were defaced. Many of these are probably on the same hacked server. Most of the sites seem to be regional government servers. There are a lot of political messages from Iranian and Turkish hacker groups.
To put this into some perspective here are the results from other countries that seem to use the .gov domain naming convention like .gov.cn:
.gov (USA): 04
Saudi Arabia comes in 2nd with 543 results mostly from the same server and mostly dealing with pharma spam. Taiwan has probably the best single defacement result:
It makes me wonder about the motivation of this “PLA” hacker. Was this a serious political statement by a patriotic hacker or was it someone trying to be funny by attributing this defacement to the PLA?
So searching for site:gov.cn will limit the search results to the government of the PRC. Adding "iframe src" will limit the results to pages with iframe tags in them, and width..0 limits the search to those with invisible iframes only (the dots let us include both the width=0 and width="0" cases). So the result seems to be a lot of pharma spam injected into forums and bulletin boards.
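As an added example (not from the original post), here is a small Python check a site operator could run over their own pages to flag the invisible iframes that search pattern is looking for, covering the width=0, width="0" and CSS-hidden forms; the sample HTML and the URLs in it are constructed for the example.

```python
from html.parser import HTMLParser

# Constructed sample page: one normal embed plus two hidden iframes injected
# the way the post describes (width=0 and width="0" forms). Hosts are invalid.
SAMPLE_HTML = """
<html><body>
<h1>Forum</h1>
<iframe src="https://video.example.net/embed/1" width="400" height="300"></iframe>
<p>Post text</p>
<iframe src=http://spam.example.invalid/pharma.html width=0 height=0></iframe>
<iframe src="http://drop.example.invalid/x.exe" width="0" height="0" style="display:none"></iframe>
</body></html>
"""

class IframeCollector(HTMLParser):
    """Collect every <iframe> start tag with its attributes (keys lowercased)."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})

def _is_zero(value):
    # Treat 0, "0", 0px and 0% as a zero dimension; anything else counts as visible.
    v = value.strip().strip('"\'').lower().rstrip("px%")
    return v == "0"

def find_hidden_iframes(html):
    """Return (src, reason) for each iframe a reader would never see."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        reasons = []
        if _is_zero(attrs.get("width", "")) or _is_zero(attrs.get("height", "")):
            reasons.append("zero-size")
        style = attrs.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("css-hidden")
        if reasons:
            hits.append((attrs.get("src", ""), ",".join(reasons)))
    return hits

if __name__ == "__main__":
    for src, why in find_hidden_iframes(SAMPLE_HTML):
        print(f"hidden iframe -> {src} ({why})")
```

Run it against a crawl of your own site rather than a search engine cache; a hit on a page you did not author is the same signal the search above surfaces, without waiting for Google to index it.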
If you add .exe you can get a lot of malware. I used this to pull down some malware that I analyzed last night. It turned out to be a well known keylogger that was picked up by 30/32 on VirusTotal. Yawn. More to follow…
4 Responses to “Chinese .gov sites pwn3d”