Sep 23 2008
UPDATED: I don’t usually post reader comments in the main blog, but as usual, CBRP1R8’s input is just as interesting as the post itself. Added to the bottom.
With as many compromised and unguarded systems as China has, you had to suspect this was the case:
On the other hand, we have found that many of the Chinese hackers will compromise large networks within their own country and use them as bots to attack other organizations, continued Jackson. For example, entire university networks in China will belong to local hacker groups.
China’s hackers do create botnets from spamming through email and blogs, but a relatively larger percentage of the compromised hosts under Chinese control are simply machines in schools, data centers, companies — in other words, on large networks — that are mostly unguarded and consequently are entirely controlled by hacker groups, as opposed to distributed bots harvested from widely distributed international spam runs, said Jackson. And often the groups have an insider in the networks they own. We also see many local hacker groups in Japan and Poland compromise hosts within their own country to use in cyber attacks, so the Chinese hackers are not alone in using resources within their own borders.
Read the rest on internal Chinese botnets…
CBRP1R8: This is actually one threat I’ve done a little research on while writing an internal whitepaper on China and the cost of doing business there.
One of the points I addressed in that paper had to do with the internal threat from both non-secured (physical) machines interacting with a company machine and/or a vendor (remote) connected machine that may be similarly connected.
Both can be extremely detrimental to the business aspects: having known or suspected compromised machines, bots or malware spreaders connecting to an internal secure network is a sure-fire way to ensure you will be attacked at some point. And that’s not even touching on the wireless machine topic of laptops.
I did do a bit of research on Chinese companies (that reported it) to show the amount of internal infections, from virus, malware and botnet infections etc. A lot of that stemmed from using non-licensed or pirated software, and at the same time, after looking at some trend analysis over the year, to see what the comparison numbers were.
I found a substantial difference, in that the Chinese machines were more infected, nearly 20-30% of the time more, over machines from Europe or the USA. That being said, dealing with a local Chinese company that provides some sort of service (i.e. IT support or any sort of connection to your network) is like playing Russian roulette with 5 chambers filled.