Sep 23 2008

Chinese hackers create botnets from computers within the PRC

Published at 2:51 am under Chinese Malware, Hacking for money

UPDATED: I don't usually post reader comments in the main blog but, as usual, CBRP1R8's input is just as interesting as the post itself. Added to bottom.

With as many compromised and unguarded systems as China has, you had to suspect this was the case:

On the other hand, we have found that many of the Chinese hackers will compromise large networks within their own country and use them as bots to attack other organizations, continued Jackson.  For example, entire university networks in China will belong to local hacker groups.

China’s hackers do create botnets from spamming through email and blogs, but a relatively larger percentage of the compromised hosts under Chinese control are simply machines in schools, data centers, companies — in other words, on large networks — that are mostly unguarded and consequently are entirely controlled by hacker groups, as opposed to distributed bots harvested from widely distributed international spam runs, said Jackson. And often the groups have an insider in the networks they own. We also see many local hacker groups in Japan and Poland compromise hosts within their own country to use in cyber attacks, so the Chinese hackers are not alone in using resources within their own borders.

Read the rest on internal Chinese botnets

CBRP1R8: This is actually one threat I’ve done a little research on while writing an internal whitepaper on China and the cost of doing business there.

One of the points I addressed in that paper had to do with the internal threat from both non-secured (physical) machines interacting with a company machine and/or a vendor (remote) connected machine that may be similarly connected.

Both can be extremely detrimental to the business aspects, having known or suspected compromised machine, bots or malware spreaders connecting to an internal secure network is a sure-fire way to ensure you will be attacked at some point. And that’s not even touching on the wireless machine topic of laptops.

I did do a bit of research on Chinese companies (that reported it) to show the amount of internal infections, from virus, malware and botnet infections etc. A lot of that stemmed from using non-licensed or pirated software, and at the same time I looked at some trend analysis over the year to see what the comparison numbers were.

I found a substantial difference, in that the Chinese machines were more infected, nearly 20-30% of the time more, over machines from Europe or USA. That being said, dealing with a local Chinese company that provides some sort of service (i.e. IT support or any sort of connection to your network) is like playing Russian roulette with 5 chambers filled.


3 Responses to “Chinese hackers create botnets from computers within the PRC”

  1. CBRP1R8 on 23 Sep 2008 at 7:13 am

    This is actually one threat I’ve done a little research on while writing an internal whitepaper on China and the cost of doing business there.

    One of the points I addressed in that paper had to do with the internal threat from both non-secured (physical) machines interacting with a company machine and/or a vendor (remote) connected machine that may be similarly connected.

    Both can be extremely detrimental to the business aspects, having known or suspected compromised machine, bots or malware spreaders connecting to an internal secure network is a sure-fire way to ensure you will be attacked at some point. And that’s not even touching on the wireless machine topic of laptops.

    I did do a bit of research on Chinese companies (that reported it) to show the amount of internal infections, from virus, malware and botnet infections etc. A lot of that stemmed from using non-licensed or pirated software, and at the same time I looked at some trend analysis over the year to see what the comparison numbers were.

    I found a substantial difference, in that the Chinese machines were more infected, nearly 20-30% of the time more, over machines from Europe or USA. That being said, dealing with a local Chinese company that provides some sort of service (i.e. IT support or any sort of connection to your network) is like playing Russian roulette with 5 chambers filled. :D

  2. Heike on 23 Sep 2008 at 12:00 pm

    CBRP1R8,

    Hope you don't mind, but I posted your comment to the main body of the article. Thought it added a lot, so I pasted it at the bottom of the article.

  3. CBRP1R8 on 24 Sep 2008 at 6:02 am

    No problem...I just saw a lot in that piece that was directly correlated to the research I had done in the whitepaper (ended up being 32 pages long :P ).

    A whole other paper was requested after I had completed that one, which dealt specifically with the wireless threats (i.e. BlackBerrys, PDAs and laptops) and China, but it was much smaller in comparison. It was directed more at internal company users taking company-owned equipment to China and the who/what/when/where/how they should connect, and what to avoid.