Malicious Websites and the Underground Economy on the Chinese Web
December 7th, 2007 by Gen Kanai
Although not directly relevant to Mozilla, this recent Technical Report: Studying Malicious Websites and the Underground Economy on the Chinese Web on security in the Chinese Internet looks very interesting. Amazing to see that gaming fuels the underground economy and that many of the transactions are done via Baidu and Taobao (which would be Google and eBay in the US.)
Ryan Naraine from ZDNet breaks out some of the key findings:
- “The market price of a Trojan is between tens to thousands Renminbi (RMB), and a package of 0-day powerful Trojan generator and evasion service can be up to several ten thousands RMB. 10 RMB is as of November 2007 equivalent to $1.34 US dollar.”
- “The administrators of certain personal websites attract visitors with the help of free goodies, e.g., free movies, music, software, or tools. These websites often betray their visitors: they sell the traffic (i.e., website visits) of their websites to Envelopes Stealers (people that buy traffic and malware) by hosting the Web-based Trojans. This means that innocent websites visitors are redirected via these malicious websites to other sites that then attack the victims. If the attack is successful, a piece of malware is installed on the victim’s machine.” The going rate: 40 to 60 RMB per 10,000 IP visits.
- Gamers are the linchpin of China’s underground economy. These folks are the victims of virtual asset theft–powers in games and virtual money. Without their demand, hackers wouldn’t have much to sell.
- Bulletin boards are the communications tool of choice. Specifically, Baidu’s bulletin board is popular with hackers. “One of the most prominent places for such markets within China is the Baidu Post Bar, the largest bulletin board community in China but with weak administration. Advertisements can be commonly found on several pertinent post bars at the site post.baidu.com. This system has a keyword-based structure, and there are no other entries to the post bar: if you do not know the keyword to search for, you will not find any malicious entries. The actors within the black market have their own, unique jargon, and thus it is hard for an outsider to find any information about this threat. The actual trading of virtual assets happens on public market places like Taobao. These very common online business platforms within the WWW are used by the cyber criminals to advertise and sell their goods. After a trade was successful and a Player has bought a virtual good, the money is sent commonly via Alipay.”
Technical Report: Studying Malicious Websites and the Underground Economy on the Chinese Web