The Dark Visitor

The newest computer virus stats from Rising Anti-Virus, taken from Jan-Nov of 2008, show a 12.16% increase over the the same time period last year. Rising intercepted over nine million new virus samples with 83.4% of the sample comprised of trojans (5,903,695 samples) and back door viruses (1,863,722 samples). The majority of these viruses were used by hackers to steal virtual property.

While the section of the article I read doesn’t mention it, my guess is that these are third quarter results. If you compare the current chart with 2007, it only shows a 9.86% increase to date. So, keep in mind I’m a linguist, 2007 probably covered the whole year while the 2008 number only covered the first three quarters from Jan-Nov.

The pie chart above gives totals for 2008 as coming from 64% trojans, 20% back door viruses, 12% other viruses and 4% worms.

I haven’t actually had a chance to read the whole article (long) but did a quick scan and it looks worthwhile.  Opens with background on the PLA’s current capabilities and then gets into the cyber warfare section.

Hat-tip: Cherry (thanks)

New reader Cherry points out that not everyone in China is raging over the infamous “black screen.”  Some Chinese users are showing a sense of humor about the whole situation by creating desktop spoofs.

The official Microsoft black screen comes with the tag-line, “You are possibly the the vicitim of pirated software.”

The spoof reads, “I am possibly the beneficiary of pirated software.”

Below,”Black Screened?”

The cartoon above, from china.com.cn, shows a big hand in the sky with the Microsoft Windows logo holding a sword reading, “Attacking pirated software.” The thief running away at the bottom reads, “Sellers of pirated software.” Of course the guy in the chair is the “innocent” user.  Right.

The article that accompanies the cartoon, suggests that Chinese users might be just as much a victim of software pirates as Microsoft.  Cough.  Since Microsoft is using patch updates to cause the “black screen of death,” it might be better to visit third party sites for patches.  However, warning, hackers are using these types of sites to pass along malware.

No one has asked my opinion on this subject but I’m going to share it with you anyway.  Why? Because I’m in a really bad mood, it’s 4:20 am and I want to vent:

A guy comes to sell you a stolen lawn mower that you know belongs to your neighbor.

How do you know it belongs to your neighbor? It has his name etched right into the damn thing.

How do you know it was stolen? Because you were looking to buy a stolen lawn mower; you weren’t willing to pay full price.

Problem, this is a special lawn mower and will only run properly with fuel from your neighbor (Microsoft updates).   So, when needed, you decide to steal the fuel yourself.

Your neighbor discovers that you are using his stolen lawn mower and have the unmitigated gall to also steal his fuel.  He starts leaving out tainted fuel for you to steal but this screws up “your” lawn mower.  Boy are you pissed.

Yes, it is a horrible analogy.  It’s early…very early.

UPDATE: At least one Chinese user agrees with me, sort of.  His only concession however is to stop stealing the fuel.

Question: How long will it take for Chinese hackers, in a fit of moral outrage, to attack every website associated with Microsoft? 5…4…3…2…

Speechless…

An angry Chinese lawyer accused Microsoft of perpetrating the biggest ever hacker attack in response to the software giant’s controversial move to trigger hourly screen blackouts on computers using pirated copies of Windows XP. [Cast your vote]

On October 20, Dong Zhengwei, a lawyer of Beijing Zhongyin Law Office, sent a complaint to China’s Ministry of Public Security, accusing Microsoft of invading personal computers without user permission or judicial authorization, the Beijing Times reported.

Dong said the judiciary should assign criminal responsibility for the Windows Genuine Advantage Program so called “Black Screen” scheme and halt this “illegal move”.

To fight software piracy Microsoft announced on October 15 that, starting October 21, Microsoft anti-piracy software would be automatically installed on users’ computers through the routine Internet-based update mechanism. If a computer fails a validation test, the desktop will change to a plain black background when the computer is restarted.

Read it all, Microsoft accused of hacking attack.

Measured in 100′s of million

“Quantity has a quality all its own”

- J. Stalin

For all you number crunchers out there, CNNIC has released its 22nd Statistical Report on Chinese Internet Development. They have posted an English summary on their website, the full report is in Chinese:

With the Largest Amount of both Netizens and ccTLDs in the World, a Big Internet Power Is Taking Shape

by the end of June 2008, the amount of netizens in China had reached 253 million, surpassing that in the United States to be the first place in the world. This is according to a newly released Suvery Repot by China Internet Network Information Center (CNNIC).

This report, the 22nd Statistical Report on the Internet Development in China, also indicates the number of broadband users has reached 214 million, which also tops the world. The CNNIC also announced that, by the time of July 22, the number of CN domain names, which was 12.18 million, had exceeded .de, the country-code Top Level Domain for Germany, thus becoming the largest country code Top-Level Domain names in the world. These three major breakthroughs show a big Internet power is taking shape.

Continue Reading »

Calling on any government to fix a problem, gives you a dicey chance at best that it will be resolved. Now, call on the people who have skin in the game to assist and your odds of getting results rise exponentially.

From CNNIC, Chinese companies form Anti-Phishing Alliance:

In order to tackle phishing activities using CN domain names and to protect online safety, Anti-phishing Alliance of China (APAC) was founded on July 18, 2008. Its founding members include Chinese banks, securities companies, e-commerce companies, CN registry and registrars, as well as scholars. CNNIC, the registry of .CN, was appointed as the secretariat of APAC.

CNNIC was authorized to accept reporting about phishing sites, to organize an phishing site identification, and to stop its DNS resolution at once a phishing-site using CN domain name is identified.

Continue Reading »

That was the actual sound that came out of my mouth when I first viewed this picture from Xinhuanet of People’s Armed Police officers demonstrating new Olympic counter-terrorism equipment:

Eastwood, if you can bring me back one of these Segways-of-Death…man, we are buds for life!

Hat-Tip: GaoYuLong

At times, I get so busy going through Chinese hacker websites that I forget there are other methods of collecting information that should not be ignored. Fortunately, reader GaoYuLong reminds me that HUMINT has not passed the way of the dinosaur and we need to keep track of the methodology used by China. GaoYuLong points to two articles from the Epoch Times that clearly illustrates these techniques:

Chinese Regime Looks to Student-Spies to Push Agenda in Canada

It was a sobering moment. Countless Falun Gong adherents in mainland China had received similar threats, and hundreds—if not thousands—went on to face torture and brainwashing after being turned in by fellow students and teachers.

But Lingdi Zhang does not live in China. The then-computer science student was studying at the University of Ottawa.

FBI Chinese Advertisement Targets CCP’s State Security
An advertisement by the Federal Bureau of Investigation (FBI) aimed at Chinese-speaking residents of San Francisco’s Bay Area, ran from July 2 through July 8 in three local Chinese-language newspapers, seeking information about Chinese espionage to the United States.

Another great post over at Dancho’s on who is behind the GPcode Ransomware.  Probably just an available proxy in Liaoning but worth keeping an eye to see if these groups eventually start working together:

The John Dow-ish Daniel Robertson is emailing from 58.38.8.211 (Liaoning Province Network China Network Communications Group Corporation No.156,Fu-Xing-Men-Nei Street, Beijing 100031), and Paul Dyke from 221.201.2.227(Liaoning Province Network China Network Communications Group Corporation No.156,Fu-Xing-Men-Nei Street, Beijing 100031), both Chinese IPs, despite that these campaigners are Russians.

Of course read the rest of this article but check out his other posts…fantastic!