The Dark Visitor

Hackers gotta eat too.

Robert McMillan, from IDG News Service, provides another great article looking at the Chinese cybercrime industry:

With China’s economy cooling down, some of the country’s IT professionals are turning to cybercrime, according to a Beijing-based security expert.

Speaking at the CanSecWest security conference last week, Wei Zhao, CEO of Knownsec, a Beijing security company, said that while many Chinese workers may be feeling hard times, business is still booming in the country’s cybercrime industry.

Read the full article on China Becoming the World’s Malware Factory

From Techspot:

Apple may have a big problem on its hands with iTunes gift cards. According to Chinese record industry consultancy firm, Outdustry, the algorithm behind the cards has been cracked and as a result $200 voucher codes are being sold for as little as $2.60 online.

Read the rest here.

Warnings are going out from Chinese anti-virus companies to use caution when shopping online for women’s clothing.

International Women’s Day will be celebrated around the world on 8 March and security personnel have issued a warning that fashion websites are highly attractive targets for Chinese hackers.

Who knew?

According to Kingsoft Anti-Virus, the “Crab Group” is one of China’s top-5 virus dissemination families and responsible for the recent infection of around 30 million computers.

Kingsoft’s 2008 Year-End report reveals that within hacker circles, the majority of money is earned by establishing viral dissemination chains.  While a virus author may earn a salary of one million yuan a year (approx USD 150,000), it was possible for a viral dissemination group to earn ten million yuan (approx USD 1.5 million) yearly.

The Crab Group had gained access to a unidentified trusted server in Guangdong, uploading viruses and trojans on popular websites.  The group had been using the “Cat Ringworm” virus, a.k.a Charging Bull, as their primary dissemination tool and infected around 30 million computers.

For background on the Chinese hacker virus industry chain read here, here, and here.

What does the Charging Bull have in common with the Chinese Vampire? According to Dr. Shi Xiaohong, who performed extensive analysis on the two viruses, they were written by the same author.

Sina Tech News has been reporting on the rapid spread of a relatively new virus called “Charging Bull.” Probably got the name from appearing around the same time as the Chinese New Year, Year of the Ox.  Let’s face it, “Charging Ox” does not sound cool.

In June of 08, we told you about Chinese Vampire and later the next month about the big controvery surrounding the original author.

Jiangmin Anti-Virus is warning that the E-Rose Virus is making the rounds this Valentine’s Day.  In 2006, China had the largest number of computers infected from the spread of this malware.

Sometimes it doesn’t really matter how many layers of security your bank has if your personal computer is infected. A victim of Chinese hackers using the Korean bank Hana, may…or may not have learned this lesson:

According to investigators at Seoul’s Gangnam Police Station, the hackers breached the online account of the victim, identified only as Seok, on Jan. 5, and moved money from the account three times, 7 million won at a time, despite Seok having been tipped off by Kookmin Bank earlier that day that her online bank account had been accessed by a user from a suspicious Internet protocol (IP) address based in China that had been used in another hacking attempt in August last year.

Yesterday, Jiangmin released their 2008 Computer Virus Epidemic report showing the top 10 viruses for 2008.  The report further noted that online organized crime elements were forming underground industrial chains to manufacture and disseminate viruses.

In 2008, there were 1.09 million viruses intercepted, representing an increase of over 200% from 2007.  The report also stated that over 28 million computers had been infected by viruses and this reflected a drop of 18.39% from 2007 due to enhanced security awareness.

Trojans accounted for 78% of all viruses intercepted, backdoor programs 10%, malicious advertisements 4%, worms 6%, and all others 2%.  Presenting the biggest problem, trojans and backdoor viruses increased 10% when compared to 2007 statistics.

China’s Top 10 Viruses for 2008

1. Trojan/PSW.OnLineGames
2. Trojan/PSW.GamesPass
3. Trojan/Agent
4. Checker/Autorun
5. Backdoor/Huigezi
6. Trojan/PSW.QQPass
7. Exploit.CVE-2007-0071
8. Trojan/StartPage
9. Trojan/DogArp
10. Win32/Infectrpcss

Not all Shanzhai’s are created equal.

A Nanjing area prosecutor’s office has arrested four chief suspects in connection with a fraudulent internet scheme. The suspects used a fake Alibaba website (in Chinese, a blatant knock-off  is referred to as “Shanzhai”)  and 400 cell phones to steal hundreds of thousands of yuan from residents in more than 20 provinces and cities.

On 9 April 2008, Nanjing resident Li stated he received notification from Alibaba’s “information system” that his account had been selected as the grand prize winner in a lottery sponsored in cooperation between Alibaba and the Sony Corporation.   The grand prize was 38,000 yuan in cash and a Sony notebook.

Li clicked on the link provided showing the contest’s details and rules. The website also gave a telephone number 40067588XX, which he called numerous times to talk with people who identified themselves as the “Alibaba staff.”  Li used his ATM card to pay contest fees such as “award taxes,” “personal income tax,” “express mail fees, “award insurance,”…etc. The total on that bill came to 26,550 yuan.  Li finally figured out the whole thing was a scam…tears of pride were shed in Nigeria.

Much more stuff but bottom line…

Shanzhai, it is only funny when we do it to you.

While C and VB languages are a bit more popular, the Chinese programming language “Easy” is coming into fashion.

Chinese hackers used Easy to compile “Worm.Win32.AutoRun.kkr.” According to Micropoint Anti-Virus, the worm’s icon is “” (some of you computer smart guys may need to patch this section up a bit) and when installed won’t reveal hidden documents and conceals known extensions.