Archive for July, 2009

Jul 29 2009

Windows 7 Ultimate on sale for $1

Published by under Hacking for money

Oh my, Chinese hackers may have cracked Windows 7.  No need to connect to Microsoft activation server:

It must have been a complicated process, but in a nutshell, hackers reportedly used the leaked ISO file to get hold of the activation certificate that Microsoft digitally signed for the original equipment manufacturer, or OEM version of Windows 7. It’s rumored that the key that got hacked is one that can be used to activate multiple OEM-branded installations, such as Dell’s, HP’s, or, of course, Lenovo’s.

3 responses so far

Jul 27 2009

Chinese hacker, now just phoning it in


The Chinese hacker who defaced the Melbourne Film Festival website signed his message of protest with the sid Oldjun.  To obscure his online identity, he named his personal website…  Some people just don’t care about their chosen profession and it shows.

Even the people who have stopped by Oldjun’s blog are dismayed by his total disregard for anonymity.   They point out that his personal info is all over Baidu and his blog site.   It gives away his surname, age, where he went to school and ID number.  They joke telling him to run and hide. tracked Oldjun down using a Whois lookup on the website and got him to confess:

After tracing the domain name Oldjun, The Sunday Age spoke to Zhou Yu, 24, an IT professional from Nanjing, who admitted hacking the site after learning about the controversy from the internet.

Mr Zhou denied acting on behalf of the Chinese Government, stating he acted ‘because I am Chinese. I’m very angry — not only me, but I think all of the Chinese people— about this.’

As an added bonus, our old friend Sunwear shows up in the comments section.  My theory still holds that if Sunwear is present, something bad is happening.

Comments Off

Jul 26 2009

Chinese hackers unfamiliar with traditional method of film review

Published by under Nationalism,Other attacks


They were unhappy with the Melbourne Film Festival showing a documentary of Uighur activist Rebiya Kadeer:

Chinese hackers sabotaged the website of Australia’s biggest film festival over plans to screen a documentary about a Uighur activist China accuses of stirring unrest, a report said Sunday.

Hackers attacked the Melbourne International Film Festival website on Saturday, replacing information with the Chinese flag and leaving slogans criticising exiled Uighur leader Rebiya Kadeer, The Age newspaper reported.

Someone needs to explain the thumbs up/down or star system to these guys.

6 responses so far

Jul 23 2009

Chinese firms and “Sexy Space” trojan

Published by under Chinese Malware

Looks like we are going to have to add a new category to the blog; at least until this damn mobile phone fade is over:

F-Secure’s senior security response manager, Chia Wing Fei, explained that the Trojan would have allowed attackers to simply send a link via text message to a malicious Web site and prompt the mobile recipient to download the worm. Once the malware would be installed, it could send similar text messages to all contacts listed on the phone.

“These messages are sent in your name and from your phone,” Chia said. “It means you will pay for each SMS sent by the worm. A typical cost for a single text message might be 5 cents. If you have 500 contacts in your phone, an infection would cost you ($25).”

Read more on “Sexy Space” trojan.

3 responses so far

Jul 22 2009

Namibia, what Namibia?

Published by under Censorship,China internet

Now for a break from the Adobe zero day stream…

The censors in the PRC are now apparently blocking searches and taking down articles related to a recent bribery scandal over a multi-million dollar contract in Namibia.  The censors at got a little ambitious and briefly blocked any searches that contain the word Namibia so any search was filtered rather than just results that contained information about the scandal.  As of this post, it appears that searches for “纳米比亚” work just fine without any error message – news about the scandal still does not appear however.  Maybe next they will reach into Chinese Kindles to delete anything related to Namibia. briefly blocked searches for 纳米比亚 (namibia) briefly blocked searches for 纳米比亚 (namibia)

Source: Open Net Initiative:

Comments Off

Jul 21 2009

Panda Burning Incense author to work in “Computer Security”

Published by under Uncategorized

According to Yangtze River News, the author of the virus “Panda Burning Incense,” is due to be released from prison at year’s end and plans on working in computer security.  Li Jun, also known as the “Virus King,” designed the “Panda Burning Incense” virus that wreaked havoc across the Chinese internet from December of 2006 to January of 2007.  The virus infected between 300-500,000 computers daily; with at least 10 million infected in total.  The virus earned Li between 3-5,000 yuan each day and the highest day’s income was 10,000 yuan.

After his arrest and trial, Li was sentenced to four years in prison of which he has currently served 2 1/2.   Li’s sentence has been reduced and he thinks he will be released at the end of the year.  His three accomplices have already been released.

When he gets out, Li plans to go to Shenzhen and look for a job with a large computer security company and pay back his parents.

What could go wrong?

2 responses so far

Jul 20 2009

26% of Chinese would-be criminals prefer hacking

Published by under China internet,poll

A recent online poll asked Chinese netizens:  “Given a 100,000RMB/month salary, what criminal job would you prefer?” – the largest percentage of respondents chose “Freelance Hacker” over Human Trafficker, Assassin, Drug Dealer, Gambler, Gang Leader, Spy and Robber.


This reminds me a little bit of this report about a survey that indicated that many middle-school aged kids in the PRC revere hackers and aspire to be one.  However, the glamor has faded as so many Chinese people have been personally affected by malware as once patriotic PRC hackers turn to profits.  Then again, I probably would have picked hacker too because the other options just aren’t very appealing.  Hey kids, who wants to be a human trafficker when they grow up?

One response so far

Jul 19 2009

Leader of Chinese hacker group that planned DDoS attack on CNN identified

In April of 2008, we reported Revenge of the Flame‘s plan to carry out a DDoS attack on the CNN website.  A series of events during that time period enraged the Chinese online community: European nations harshly criticized China’s response to the Tibetan uprising; pro-Tibetan independence protesters in Paris tried to snatch the Olympic torch from the hands of a wheelchair-bound Chinese female athlete; and Jack Cafferty, a CNN commentator, referred to Chinese products as “junk” and called the Chinese government “goons and thugs.”   In response to these insults, Anti-CNN called for overseas Chinese in Europe to wave the Chinese flag and raise their voice to the sky.

In response to these same events, a hacker, using the online name cn_magistrate, formed a group called Revenge of the Flame and announced his plan to carry out a DDoS attack on the  CNN website.  We followed the events as calls went out for Chinese netizens to join the action.  We were there when cn_magistrate called off the attack and disbaned the organization.  Then he vanished…



Cold Case:  Yeah, we keep looking.  Finally located him through a combination of e-mail address, website and online name.   Below are the results of a Whois search we conducted on the associated website during the time of the attack (Notice the website name and e-mail address):

Domain Name:
ROID: 20070811s10001s50288265-cn
Domain Status: ok
Registrant Organization: 判官
Registrant Name: 判官
Administrative Email:
Sponsoring Registrar: 北京万网志成科技有限公司
Name Name
Registration Date: 2007-08-11 11:59
Expiration Date: 2008-08-11 11:59

cnmagistrate2 website letter

The image seen above was taken from cn_magistrate’s current blog showing the old URL,  which was associated with the CNN attack.


This reply from cn_magistrate in the comments section of his blog shows the e-mail address, used to register



He claims to be a Taiwanese citizen…

I’ve written to cn_magistrate and asked if he will talk to us about the incident.  Off topic, did anyone hear the news about Taiwan and the US coming closer to an extradition agreement?  That would be cool.

3 responses so far

Jul 16 2009

China: 338 Million internet users, 13 million websites

Published by under China internet

“Quantity has a quality all its own”

-Joseph Stalin

China Daily reporting the new numbers from CNNIC on internet growth in China:

- 338 million internet users, 13.4% increase since end of 2008

- 12.96 million websites holding .cn domain

- 155 million people access the internet via their mobile phone

- 87.88 million people shopping online, an increase of 14 million

- 320 million users have broadband

7 responses so far

Jul 14 2009

Sino-Turkish cyber conflict in the making?

Published by under Nationalism,Other attacks

On 11 July 2009, Turkish hackers defaced China’s National Satellite Meteorological Center website.   Even though the motivations behind the attack were unclear, Chinese netizens viewed it as the opening salvo in an online war over Xinjiang.

On 13 July 2009, a Chinese hacker calling himself the Mafia Baron defaced the Turkish Embassy in China and posted a message on their website demanding they stay out of China’s internal affairs:

Two reasons this could end badly:

  1. The Chinese online community is hailing this as the beginning of counter-attacks against Turkey and the news is spreading rapidly.  Issues involving China’s  sovereignty have a tendency to bring out nationalist sentiment.
  2. The Chinese government is also lashing out at remarks made by the Turkish prime minister that could possibly be interpreted as encouragement for the hackers to take further action.

Comments Off

Next »