The Dark Visitor

So it turns out that the changes CNNIC has made to restrict registration of .cn TLD domains to business license holder has had at least a temporary impact on spam tactics.  Doesn’t seem to have made any difference in the volume but spammers are now moving away from purchasing new inexpensive .cn domains for spamming.  Here is the link to the Sophos Labs blog that contains this revealing graph:

The .cn Top Level Domain has been frequently associated with malware, pornography and spamvertising.  In an apparent effort to clean up the TLD, China NIC has started requiring a business license in order to register a .cn domain.

The China Internet Network Information Center (CNNIC) published a notice Sunday saying that applicants must submit written applications to the registration agents. The written materials must include an application form with an official seal, an enterprise business license and the registrant’s ID card.

In addition, the NIC will actually attempt to notify and verify individually owned .cn sites.  If a site owner doesn’t respond in after five days, the domain will be revoked.

CNNIC plans to verify the information of the owners of personal site in the nation. Those found unqualified to have a site will be required to update the information in five working days, otherwise they will be shut down.

This is an interesting development.  Clearly, something needed to be done about the .cn TLD garbage sites clogging up the tubes.  I’m not sure what this means for individual site operators though.  I’m sure it is still possible for individuals within the PRC to get a non-cn TLD and host their websites outside of the mainland.

Source: “All .cn websites require business license” – http://business.globaltimes.cn/china-economy/2009-12/491515.html – Linked from Danwei.

HT to Sunbelt for this article about the piloyd worm jacking up web pages in the PRC.  Not enough details yet to determine the vector.  According to Sunbelt’s article, it is 8/41 on virustotal.com.  I’ll update this post if I’m able to collect a sample for analysis.

Here are some details from  threatexpert.com.

The article from Alibaba reports that the website was down on Tuesday but as of a few moments ago when I checked, it was back up and running:

The post-90 generation teens that run 2009.90admin. com, wrote on their website, “We are not Internet attackers, we are just a group of computer fans; we are not mentally handicapped kids, we are the real patriotic youth. We’ll target anti-China websites across the nation and send it as a birthday gift to our country.”

The site was the subject of hot debate on the Chinese version of twitter but could not be viewed Tuesday. Efforts to reach the site’s operators were unsuccessful.

The 500-word statement appeared over a red and black background decorated with a flying national flag.

Taiwanese organizers in Kaohsiung, Taiwan’s second largest city, plan to show the controversial film, “Ten Conditions of Love” next month, sparking outrage in the Chinese hacker community once again.  Given the fact that it is Taiwan, it is doubly outrageous. 

The film’s showing in Melbourne last month sent Chinese hackers on a mini-rampage, see here, here, here and here.

Now all eyes turn to the Taiwanese film festival:

Anonymous hackers have attacked a Taiwan film festival over plans to screen a documentary on the US-based leader of China’s predominantly Muslim Uighur minority, festival organizers said Tuesday.

A message, posted on a blog run by one of the organizers of the Kaohsiung Film Festival, blamed Rebiya Kadeer for recent bloody unrest in northwest China’s Xinjiang region, which is home to the Turkic-speaking Uighurs.

“I don’t know if you heard about the violence (in Xinjiang) and if you know how many people were left homeless. It is all because of that woman,” said the message, referring to Kadeer.

This was posted by Scott Henderson (Trying to comply with the law of the land)

Green Dam, the censorship software that the Chinese government wanted on all PCs sold in China, turned out to be a flop. Beijing’s still keen on exerting greater control over the Internet, though, and Jonathan Ansfield has a good story in the New York Times about the censors’ latest tactic. According to Ansfield’s story, new “secret government orders” have been forcing popular Chinese websites to require new users register with their real names before posting any comments online.

Someone may want to alert Guinness that a new spin record was just set in China:

Despite its suspicious name, hackbase.com’s operators want to let people know it is a legitimate computer school for defensive purposes and not an illegal hacking school.

“We don’t train hackers, instead we provide professional training for Internet security. It’s up to the trainees whether they want to be a hacker or network administrator,” said Chen Qian, director of the training department.

The online classes are given in the evening and cover topics such as computer maintenance, anti-virus, data recovery, code protection and network attack and defense.

The courses, which cost between 398 to 1,998 yuan ($58- 292), are “easy” and aimed at everyone, even those without a college background or without English language skills, Chen said.

Hong Lei

More on Tomato Garden and the arrest of Hong Lei, the author of the pirated software.  Online polls show massive support for Hong Lei as a nationalist hero:

The Chinese IT community is abuzz with news of the arrest of Hong Lei, distributor of the popular “Tomato Garden” pirate version of Windows XP, which means the popular unlocked version of the Microsoft software will no longer be available.

According to Sina.com, more than 90 percent of users they surveyed are or were users of Tomato Garden pirate editions. And 79 percent said they were on Tomato Garden’s side. Less than 5 percent said they supported Microsoft.

The Wall Street Journal has some interesting interviews with people inside China concerning the case and the drivers behind the software theft.

According to the chief editor of the newly launched Chinese Ministry of National Defense website, since its opening on 20 Aug 09, the site has been under assault from a variety of different types of hacker attacks.  The report notes that the attacks have not affected website operation.

Very good article from the NYT comparing social use of networks between the US and China:

Chinese broadband users above the age of 13 number 286 million, nearly double that of the U.S. broadband population, says a new report from market analysts Netpop Research. In five years, Netpop forecasts, that number will double.