Chinese Hackers Waking up to Malware

Zonk posted more than 7 years ago | from the geopolitics-has-nothing-to-do-with-it dept.

Security 65

An anonymous reader writes "An increase in malware originating from China has not gone unnoticed by security researchers, according to the site ITWeek. The aggravating software has been increasing over the last three months, to the point where some unlucky persons may be getting some every day. Individuals interviewed for the article are seeing an increasing sophistication and independent use of rootkits, new to the Chinese malware scene. 'China has traditionally been a hotbed of password stealers who go after log-in names and passwords for online games such as World of Warcraft. The criminals are after virtual currencies and goods which can be sold on auction websites.' These new types of software are actually encrypted, and can prove hard to dismantle."

SOP (-1, Offtopic)

Frosty Piss (770223) | more than 7 years ago | (#18387533)

Reinstall... Nice to have the real discs and not the useless "restore" disks...

Re:SOP (0)

Anonymous Coward | more than 7 years ago | (#18388113)

Troll? Or reality, maybe? Certainly not "troll". Point being, after a certain point, malware DOES require a reinstall. How's that a "troll"?

Only on Slashdot...

Re:SOP (1)

DogDude (805747) | more than 7 years ago | (#18388687)

Actually, my SOP is just to block all IP traffic from China and Russia and other such nasty places. That helps a LOT with all kinds of malware and spam.

Re:SOP (1)

Frosty Piss (770223) | more than 7 years ago | (#18390915)

How does one find what IP ranges Russia and China use?

Re:SOP (2, Informative)

Anonymous Coward | more than 7 years ago | (#18392051)

How does one find what IP ranges Russia and China use?

China:
http://blackholes.us/zones/countries/cn.txt [blackholes.us]

Russia:
http://blackholes.us/zones/countries/ru.txt [blackholes.us]

For iptables:
#wget http://blackholes.us/zones/countries/cn.txt
#wget http://blackholes.us/zones/countries/ru.txt
#for IPRANGE in $(awk '{print $2}' cn.txt); do iptables -I INPUT -s "$IPRANGE" -j DROP; done
#for IPRANGE in $(awk '{print $2}' ru.txt); do iptables -I INPUT -s "$IPRANGE" -j DROP; done
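
An added example, not part of the post above: it validates a downloaded zone file before anything reaches the firewall and renders the surviving ranges as `ipset restore` input, so a malformed line or a `0.0.0.0/0` entry in a list fetched over plain HTTP cannot become a DROP rule. The field layout is assumed from the `awk '{print $2}'` in the post; the sample data and the set name `geoblock` are constructed.

```python
import ipaddress

# Constructed sample, not real list data. Layout assumed from the awk
# '{print $2}' above: the CIDR range is the second whitespace-separated field.
SAMPLE_ZONE = """\
cn 192.0.2.0/25
cn 192.0.2.128/25
cn 198.51.100.0/24
cn 203.0.113.7/24
cn 198.51.100.0/33
cn not-a-network
cn 0.0.0.0/0
"""


def parse_zone(text, min_prefix=8):
    """Return (networks, rejected) from zone-file text.

    Every range is parsed strictly; anything that is not a clean IPv4 CIDR,
    or that is broader than /min_prefix, is rejected with a reason instead
    of being handed to the firewall.
    """
    accepted, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank, short or comment line
        raw = fields[1]
        try:
            net = ipaddress.IPv4Network(raw, strict=True)
        except ValueError as exc:
            rejected.append((lineno, raw, str(exc)))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((lineno, raw, "broader than /%d" % min_prefix))
            continue
        accepted.append(net)
    # Merge adjacent and duplicate ranges so the set stays small.
    return list(ipaddress.collapse_addresses(accepted)), rejected


def ipset_restore_script(set_name, networks):
    """Render input for `ipset restore`: one hash:net set, one add per range."""
    lines = ["create %s hash:net family inet" % set_name]
    lines += ["add %s %s" % (set_name, net) for net in networks]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets, bad = parse_zone(SAMPLE_ZONE)
    for lineno, raw, why in bad:
        print("rejected line %d: %r (%s)" % (lineno, raw, why))
    # "geoblock" is a hypothetical set name. Load the output with
    #   ipset restore < geoblock.ipset
    # and reference it from a single rule:
    #   iptables -I INPUT -m set --match-set geoblock src -j DROP
    print(ipset_restore_script("geoblock", nets), end="")
```

One set lookup replaces the per-range rules, which iptables would otherwise walk one by one for every incoming packet.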

And you end up blocking me, too (1)

Joseph_Daniel_Zukige (807773) | more than 7 years ago | (#18391857)

Comcast blocks mail from my ISP. I can't contact my sister from that mail address to her comcast address. I told them about that, and they said _I_ have to access their blacklist page and tell them through that that my ISP is legit after all. No, I can't tell them by e-mail, even if I use google mail to contact them. So my sister doesn't use comcast mail, and will soon not use comcast at all.

Re:And you end up blocking me, too (1)

DogDude (805747) | more than 7 years ago | (#18394983)

I don't understand what my business blocking IP traffic from China and Russia has to do with your sister's problems with Comcast.

broad brush (1)

Joseph_Daniel_Zukige (807773) | more than 7 years ago | (#18400339)

that you paint russia and china with probably picks up my provider in the swath, too

so, if there is some reason you need me to send you e-mail, i have no way to tell you that you have me blocked

Catching up? (0)

phantomcircuit (938963) | more than 7 years ago | (#18387549)

Malware Rootkits AdWare is all pretty standard stuff.

How exactly is this news?

Re:Catching up? (3, Informative)

Anonymous Coward | more than 7 years ago | (#18387675)

...because for the most part it's all in chinese. think about it, we pretty much have "western" adware and spyware mapped out to the point where we know who's behind what and what the files are doing. security researchers can map out whole families of CWS, even if they don't specifically know who's behind it. throw some chinese adware on a pc however, and even something as basic as the sites popping up is a strange new experience. are the sites legit? hacked? the adware guys current flavour of the month? who knows? and that's before you've even got to the adware. i imagine the problems are multiplied when dealing with something more malicious.

Re:Catching up? (2, Funny)

cp.tar (871488) | more than 7 years ago | (#18388041)

...because for the most part it's all in chinese.

That's a tough one to notice, eh? Ads in Chinese... "I don't understand this shit, maybe it's free pr0n!"

Adware is adware, rootkits are rootkits... I don't care what language they're in - English, Chinese, Swahili or even Basic.

They're annoying all the same.

Re:Catching up? (0)

Anonymous Coward | more than 7 years ago | (#18388193)

i'm not talking about the problems it will cause for the end-user, i'm talking about the problems it will cause for the people researching it / attempting to get it shut down. it kind of hampers the takedown process when you don't know what sites are legit, what sites have been backdoored, untangling registration details and the adware landscape / industry in general. i also imagine some of the legal perils could be the same - what happens if a western vendor calls a "legitimate" chinese adware vendor "spyware"? if you did that in the west, you'd probably be facing C&Ds.

Re:Catching up? (1)

Jimbitz (1060548) | more than 7 years ago | (#18393803)

yeah, I have experienced the chinese spyware/malware. Seems like Spybot S&D & Spyware Blaster doesn't really know that it's a spyware.
Using HijackThis and other security tools provided I managed to get rid of that damn spyware with the help of an expert from a forum.
If you can stay away from those suspicious chinese sites please do.
Else it's going to be hectic for you later.

Re:Catching up? (4, Insightful)

tinkertim (918832) | more than 7 years ago | (#18387731)

Malware Rootkits AdWare is all pretty standard stuff.

How exactly is this news?


That which serves ads must be news.

Re:Catching up? (1)

Threni (635302) | more than 7 years ago | (#18388027)

> That which serves ads must be news.

Yeah, there was a token amount of "news" hidden in the corner of the screen, but not such that it interfered with the zillions of ad links there.

> Ah yes, his heads' been ripped off. I shall get him another. | echoreply [echoreply.us]

"Heads'" contains one too many characters.

National Security Nightmare? (2, Funny)

cyberbob2351 (1075435) | more than 7 years ago | (#18387577)

Maybe the sony rootkit was a front to steal national secrets?

Re:National Security Nightmare? (1)

Upaut (670171) | more than 7 years ago | (#18387609)

Only if national secrets exist in Barrens chat...

Re:National Security Nightmare? (0)

Anonymous Coward | more than 7 years ago | (#18387667)

Ssh, don't let them find out.

Fox News channel buys Slashdot (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18387647)

Fox News channel buys Slashdot !! A perfect fit !!

Pretty cool stuff, actually (5, Interesting)

shrapnull (780217) | more than 7 years ago | (#18387873)

This article is interesting because a) I've seen it firsthand this past week, and b) Some of these are actually very sophisticated attacks.

One of our buildings was going through an antivirus upgrade over AD when it got hit. Every machine in the building was getting an iframe in the web browser from some Chinese ISP (usa.d3a.us) that would bracket the computer's web browsing session throughout its duration. The iframe contained javascript designed to capture passwords from gmail and other public websites, in essence a browser-based keylogger. Of course, blocking the offending domains through our filter got rid of the iframe, but it still affected websites because now they all had broken source code (wonderful XML render errors on just about every website, including google).

Then the hunt was on.

The 'sophistication' I witnessed comes from the fact that no matter how many of these boxes we cleaned and patched, the iframe source code kept popping up everywhere. I ran a Wireshark on it and discovered something rather interesting (to me anyways). The software was attacking the router's ARP table, by feeding it a bogus MAC address (one of the infected machines) in essence redirecting all network traffic to a software-based proxy. Tracking down machines via MAC address and patching them eventually resolved the issue long enough to update the antivirus on the network, but I left the place somewhat in awe of what I had just seen, having most of my network antivirus experience involve easily blockable/patchable worms and viruses.

While an ARP attack isn't all that uncommon, the presence of Chinese characters on every infected machine was a dead giveaway. Not exactly something I'd ever seen from a country more historically known for installing local keyloggers to steal WoW accounts.

But for a good hour or two, I was getting my ass handed to me, and I had to completely disconnect the building from the WAN. In addition, our AV (very big-name corporate AV firm), didn't do shit on it. After the update I had to submit samples to the AV company to get a permanent patch upstream.

Firewall? (1, Insightful)

khasim (1285) | more than 7 years ago | (#18387921)

The MAC addresses of your router shouldn't matter. They're LOCAL machines.

So the "proxy" you describe would have to have been a local machine, too.

How did they get through your firewall to establish a local proxy?

Re:Firewall? (1)

shrapnull (780217) | more than 7 years ago | (#18388119)

Sorry if I wasn't clear enough, the local machine was acting as a proxy via the ARP flood of the router's MAC address.

Example
Such as: who has 10.0.0.1 (router IP), tell 10.0.0.x
Response: XX:XX:XX:XX has 10.0.0.1 (local machine pretending to be router announcing every 2 seconds)
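
An added example, not part of the posts above: a passive check, in the spirit of the arpwatch alerts mentioned elsewhere in this thread, for the pattern described here, a local MAC repeatedly announcing itself as the router's IP. Packets are assumed to be already decoded from a capture into tuples; the MAC addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict, namedtuple

# One observed ARP packet: time (s), "request" or "reply", the sender's
# claimed IP/MAC binding, and the IP being asked about or answered to.
Arp = namedtuple("Arp", "ts op sender_ip sender_mac target_ip")


def detect_arp_spoofing(packets, pinned, window=10.0, burst=3):
    """Return de-duplicated alerts as (ts, kind, ip, mac) tuples.

    pinned -- known-good IP -> MAC bindings (e.g. the router), assumed to
              come from inventory or switch configuration
    window -- seconds a who-has request keeps replies "solicited", and the
              span over which unsolicited replies are counted
    burst  -- unsolicited replies within `window` that count as a flood
    """
    last_mac = {}                    # ip -> MAC most recently claimed
    last_request = {}                # ip -> time of the last who-has for it
    unsolicited = defaultdict(list)  # (ip, mac) -> recent reply times
    alerts, reported = [], set()

    def alert(ts, kind, ip, mac):
        if (kind, ip, mac) not in reported:
            reported.add((kind, ip, mac))
            alerts.append((ts, kind, ip, mac))

    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if p.op == "request":
            last_request[p.target_ip] = p.ts
        ip, mac = p.sender_ip, p.sender_mac.lower()

        # 1. The claimed binding contradicts a pinned, known-good one.
        if ip in pinned and mac != pinned[ip].lower():
            alert(p.ts, "pinned-mismatch", ip, mac)
        # 2. The IP was last seen at a different MAC (arpwatch-style change).
        if ip in last_mac and last_mac[ip] != mac:
            alert(p.ts, "binding-changed", ip, mac)
        last_mac[ip] = mac

        # 3. Repeated replies nobody asked for, e.g. one every 2 seconds.
        if p.op == "reply":
            asked = last_request.get(ip)
            if asked is None or p.ts - asked > window:
                times = unsolicited[(ip, mac)]
                times.append(p.ts)
                times[:] = [t for t in times if p.ts - t <= window]
                if len(times) >= burst:
                    alert(p.ts, "unsolicited-flood", ip, mac)
    return alerts


ROUTER_IP = "10.0.0.1"              # router IP used in the post
ROUTER_MAC = "02:00:00:00:00:01"    # constructed
INFECTED_MAC = "02:00:00:00:00:66"  # constructed

# Constructed capture: one normal who-has/reply exchange, then a local
# machine announcing itself as the router every 2 seconds.
SAMPLE = [
    Arp(0.00, "request", "10.0.0.23", "02:00:00:00:00:23", ROUTER_IP),
    Arp(0.01, "reply", ROUTER_IP, ROUTER_MAC, "10.0.0.23"),
] + [
    Arp(60.0 + 2 * i, "reply", ROUTER_IP, INFECTED_MAC, "10.0.0.23")
    for i in range(4)
]

if __name__ == "__main__":
    for ts, kind, ip, mac in detect_arp_spoofing(SAMPLE, {ROUTER_IP: ROUTER_MAC}):
        print("%6.2f  %-17s %s claimed by %s" % (ts, kind, ip, mac))
```

The MAC in the alerts is the machine to locate and clean, which matches the track-down-by-MAC approach described earlier in the thread.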

That's still local. (3, Informative)

khasim (1285) | more than 7 years ago | (#18388383)

The MAC address and ARP broadcasts are only used for local delivery. Some machine on that local segment had to have already been cracked.

There was a cracked machine sitting inside your firewall and broadcasting on your internal network.

How it was cracked is the first issue.

Using it as a proxy is just weird. It would be more efficient and effective to use it to scan other machines to see if they're vulnerable and to run attacks on your administrator passwords.

Better yet, upload the BIOS info and see if a rootkit can be installed on the motherboard.

It is a strange attack because it doesn't match any of the standard reasons for attacking.

#1. Bandwidth - this is for spam and DDoS attacks.
      1a. Crack one machine and upload the address book and anything that appears to be an email address so infected emails can be sent to those addresses.
      1b. Crack one machine and scan that range to see if any other machines are vulnerable.

#2. Information - compromise one machine / router / whatever and use that to attack important internal machines via worms or password attacks.

The attack you describe is just ... weird. Why attempt to compromise multiple workstations via an outside site? That is too easily noticed. Suddenly all of your workstations are hitting this one site? That's a huge flag in the logs. Even if you hadn't noticed it on the workstations.

And they wouldn't get any more bandwidth from the attack (case #1) nor would they get information that wasn't more easily available (and less noticeable) via other routes (case #2).

Re:That's still local. (2, Insightful)

shrapnull (780217) | more than 7 years ago | (#18388731)

I'm not going to criticize what it COULD have done. Obviously, there are some machines on that portion of the network that are not sufficiently hardened and that will be dealt with. The delivery mechanism of the malware had to be an internal user with overblown desktop privs, but having inherited this 5,000 node network 4 months ago that's an issue we're addressing with the AD and antivirus rollout.

As to what would make sense for them to hack, I think it would make MORE sense for them to try to capture web-based logins such as gmail, et al, since those would be easier for them to access than actually cracking through a Cisco ASA or a pix and getting access to a machine with nothing more than MS Office and a desktop. At least those are tangible hacks that can be compromised instantly regardless of where in the world the attack originated.

It was a very weird attack. My nUbuntu laptop was affected by the iframe which was one of the instant alerts that this had to do with MAC or IP hijacking rather than just a simple virus like a worm. The network logs were immediately noticed, but how many small networks without sysops do you think will be able to sufficiently notice and protect against this? This is going to be a very successful attack, and it's the first Chinese attack I have ever seen to this measure.

Re:That's still local. (1)

hachete (473378) | more than 7 years ago | (#18390107)

the source? manager or salesman on a laptop, betcha pound to a penny ...

Re:That's still local. (2, Insightful)

Anonymous Coward | more than 7 years ago | (#18388803)

You just don't get it. With a MAC address attack, as long as any machine on the local network is compromised, they control all traffic on that network. You have to resort to non-networked methods of fixing machines. Additionally, you can have that one machine process things locally to minimize the much more likely to be noticed internet traffic. After scraping some information, let the arp poisoning expire and they can sit undetected for a long time until they decide to wake up again.

As long as any machine on the entire internet is compromised they can redirect machines to proxy through it to control vast networks of machines. Make the worm self modifying to keep track of a list of compromised machines with open internet access and you have a really tough to beat worm.

These attacks are targeted at businesses not individual users. They don't want your email addresses. They don't want it for DDoS attacks. They want to sit there and listen for banking information or insider information for stock market manipulation or to sell trade secrets. Spam and DoS are kid stuff. This is done by the big boys.

Re:That's still local. (0)

Anonymous Coward | more than 7 years ago | (#18391849)

These attacks are targeted at businesses not individual users. They don't want your email addresses. They don't want it for DDoS attacks. They want to sit there and listen for banking information or insider information for stock market manipulation or to sell trade secrets. Spam and DoS are kid stuff. This is done by the big boys.

Actually, it is by the Chinese gov AND other groups such as Al Qaeda. If you look through some of these, they are hitting American DOD sites as well as our businesses. We give them a hand up on this because so many businesses and the current admin push Windows. They are playing for keeps, while America is being screwed over in Iraq.

Re:That's still local. (1)

khallow (566160) | more than 7 years ago | (#18392131)

Given the massive and weakly supervised bureaucracy of the Chinese government and its deep connections with many parts of Chinese industry, I gather we could be seeing a migration of this talent into the private world. After all, that is where the money is.

Re:Pretty cool stuff, actually (0)

Anonymous Coward | more than 7 years ago | (#18388263)

Why the hell do you use MSIE???

Re:Pretty cool stuff, actually (1)

zerojoker (812874) | more than 7 years ago | (#18388763)

That's interesting cause I had the exact same experience here two or three weeks ago. There are lots of Chinese students in this university network, I guess that's the reason why we had to deal with it several times.
It always occurred to us first when arpwatch was going mad.

And as you said: AV Vendor had no signatures whatsoever, only after submitting samples S***** came up with new signatures.
In fact S***** was installed on those computers and quite happy with a completely overtaken machine sniffing the network.

I think this is a new dimension; we're talking about an average computer user with an installed Anti-Virus program, but no chance for the user, the computer got owned.

Re:Pretty cool stuff, actually (2, Insightful)

anubi (640541) | more than 7 years ago | (#18388937)

Yeh, although it's the "criminal" who does these things... criminals exist - and we should know that by now.

Criminal activity, like fire and corrosion, has existed for as long as we have been here on earth. We should know by now how to intelligently mitigate the ill effects.

It's dangerous not to understand fire and light one. It's dangerous to expose your machine to the internet and not know exactly what it's doing.

Your experience mirrors exactly what I studied at an internet security class...

"The iframe contained javascript designed to capture passwords from gmail and other public websites, in essence a browser-based keylogger."
I have been fussing and fuming immensely at internet businesses - especially the financial sector - about the lunacy of having javascript or any other scripting language on a site where personal info is handled. I tell them I consider it "pornsite programming" and has NO business on a legitimate business site.

It is the rootkit/keylogger which is my prime fear. And I know I have left the door wide open when I visit a site where I accept their scripts to run in my machine. I am then wide open for hostile redirection, "drive-by" downloads, and phishing.

The main problem I face is the business people I have to talk to are multimillionaires who may know how to promote an online brokerage, but don't know squat about internet security. Yes. The big-name guys are the worst.

They hire programmers who are far better at making the executive think they are worth a salary than they are about programming. They will do stupid things online like using javascript links instead of simple HTML links to force us to enable scripting. And use crazy things like pop-ups when our browsers have no problem opening up another window in an HTML link.

I feel any financial webmaster who forces javascript on his customers is just about as idiotic as a bank clerk who writes the combination of the safe on the safe, and leaves the key to the bank under the doormat. It's a sure sign that the webmaster has found a boss who hasn't the foggiest concern about security on the internet.

I have had to leave several stockbrokers because of this issue.

I wonder how anyone would hire such ignorance of internet security in a position where he is dealing with money and sensitive information. My only conclusion was that those doing the hiring were just as ignorant, and had no business handling other people's money. My guess is that he probably played a nice game of golf or maybe looked pretty in a suit, and he was paid so much that people will not verify his technical expertise.

I see Javascript on a bank? Geez, put my money in a shoebox and leave it under the bush. Oh yes, be sure to have me agree to the EULA which denies any responsibility on their part. Gotta be businesslike, ya know. It's part of that thing called TRUST, meaning I am to HOPE I don't get nailed by a criminal while submitting to their demand that I use risky technologies for their convenience.

I find it very scary when I am held hostage to enforced ignorance ( IP law ) of how my stuff works. It could be as simple as a farmer seeing his corn field on fire, yet not being allowed to know that if he turned his irrigation system on, it would put it out.

If we are so anxious to legally protect IP, then also make the purveyor of said protected IP legally responsible for what it does, just as a parent is responsible for what his kids do, and we will see virus vulnerabilities plummet.

Re:Pretty cool stuff, actually (1)

Tony-A (29931) | more than 7 years ago | (#18392943)

...I find it very scary when I am held hostage to enforced ignorance ... It could be as simple as a farmer seeing his corn field on fire, yet not being allowed to know that if he turned his irrigation system on, it would put it out.

It is similar to turning off the streetlights in a high crime area so you can't see the crime.

Closed and gizmo happy --- it WILL be insecure.
Open and obvious works like the Unix Honor Virus --- it doesn't seem to go anywhere. (although I think somebody had a very cute very small fork bomb in his sig)

It's the "Wow, look what I can do" syndrome -- like two-year-olds.

Anything designed to make you FEEL more safe and secure than is really feasible, will cause you to BE much less safe and secure.

Re:Pretty cool stuff, actually (1)

anubi (640541) | more than 7 years ago | (#18396811)

"Closed and gizmo happy --- it WILL be insecure."

You are so right.

For years, until this MSIE "proprietary" crap came along, I was used to going to "view document source" if anything didn't render correctly. I could usually spot in a few minutes of seeing the HTML tags what went wrong.

At least I KNEW the worst any webmaster could possibly do to me is give me a page that would not render.

No matter what he did, I could at least see anything he sent me in a text editor, such as if his ad overlaid the text, I could still see all of the text in the source code.

These days, with businessmen embracing all this closed-source hidden stuff, I have no idea what my machine is doing, but I am well aware, via anecdotal evidence typical of what we see here on Slashdot as well as personal experience, that my ignorance *will* be taken advantage of by others, often with hostile intent.

I left a career in this field over a disagreement with "executive row" over this kind of stuff. They wanted to "align themselves with mainstream supported applications", whereas I wanted to know exactly what I was doing. I did not trust walking down blind alleys blindfolded, no matter how much they promised police protection. I wanted to SEE where I was going, because ultimately I am responsible for my fate.

I felt like a fire marshal, paid $10 an hour, trying to tell multimillionaire executives the dangers of puddles of spilled gasoline. They obviously had no idea about the flammability potential of the gasoline, but they could see the cost of cleaning it up, and deemed it more cost efficient to fire a noisy fire marshal than address the spilled gasoline.

I keep hounding on the business types that forcing me to sign a EULA with someone else in order to do business with them does nothing to enhance their business image as a responsible trustworthy business concern, rather it makes them look like a bunch of schoolkids trying to blame missed homework on the dog.

And we pay business executives millions of dollars a year salary and bonuses to use the same paradigm?

Don't we have the wrong kind of people running the place? Their handshake, signature, and about five dollars have about the worth of a cup of Starbucks coffee.

I see this virus problem continuing until we realize, as a society, that businessmen MUST take responsibility for their product, and vote in legislators who WILL codify this into law, much like businessmen lobbied legislators to draft their concerns into law.

If the current legislators don't see it this way, get them out of office! Impeach if necessary.

We didn't mind trying to impeach even our president for sexual ethics.

Certainly, when people wake up to how much some businesses have used their capacity to influence law to screw us, we can elect someone who we will watch to make sure he kicks the pendulum back. The people have got to be pretty mad first, so no matter what the mediaheads say, that's not the way the polls will go. The people have to be ready to impeach the guy at the drop of a hat if he said he was gonna do it, gets in there, and doesn't. And be ready to impeach any that fight him.

I see legislating enforcement of ignorance, yet at the same time allowing those enforcing ignorance to claim immunity from misperforming product, to be absolutely ludicrous.

It's like having Ford fix the exploding Pinto problem by having a "key turn" agreement.. that is that by "inserting the key into the slot, you agree to hold Ford harmless... ". Why do we hound Ford for this, yet let software companies get away with it? Ford made no attempt to hide the design either.

This crap WILL end when we get a congress in that will side with US.

Liability will enforce Responsibility.

Re:Pretty cool stuff, actually (1)

fperillo (1077381) | more than 7 years ago | (#18396995)

Can you provide more infos, for example IP address of the host, md5 of the .exe, the name of the malware as recognized by the AV, a link to more detailed info.... thanks

Re:Pretty cool stuff, actually (1)

zainsohail88 (1079939) | more than 7 years ago | (#18486035)

the same problem is happening with us... we have tried many things, the strange thing is that this virus/worm/spyware whatever it is is not detectable by antivirus program, i have tried many different antivirus programs but nothing works, i still see the "usa.d3a.us" link in status bar every time i open any page, our network is widely spread with at least 800 users, i would like to request someone here to help us in finding a solution to this as this is really getting on our nerves, we have also installed routers and now a strange thing is happening that our DHCP changes its mac address automatically.. please guys help us!! :|

thx in advance

It will be short lived (4, Interesting)

JRHelgeson (576325) | more than 7 years ago | (#18387885)

This subject is worthy of a book, however, I'll try to convey some level 5 thoughts and hopefully it'll make sense:

The Chinese government will rein in the criminal elements. They can't afford them damaging their economy. There is too much business to be done in order to keep their economy afloat that if we threatened to cut their internet access, they would go out and put the criminals in prison for life.

China has bred themselves into a crisis. With their 1 child per couple law that has been in effect for decades, they now have 1 child that is supporting 2 parents who supports 4 grandparents as they all move into retirement age. This is a monumental economic problem and is the reason why their economic policy is evolving at a rate that far outpaces the political evolution. External influences are what are changing the Chinese government, causing them to adopt rule sets and make changes that would never come internally.

Example: SARS...

People started flying out of China with this illness (SARS). Communist China denied the problem even existed. The World Health Organization stepped in and grounded all flights departing from specific regions of China, causing a panic in the Business world supporting the Chinese economy. This forced China to recognize the problem and adopt new information sharing rules whereby we now know about the Asian Bird Flu YEARS before it becomes a global pandemic (if it ever does). This is an external change that never would have come internally from their own country.

China monitors their internet very closely, they know who the criminals are. They will be shut down soon because to let them continue would 1) be an embarrassment to China, and 2) could have disastrous economic consequences.

As a simple reference: The United States currently consumes 40 Quadrillion BTUs of energy per year from all sources. China consumes 7 QBTU and needs to get to 14 QBTU within the next 10 years in order to keep their economy from collapsing. They have a lot of work to do and they're not going to let malware authors derail their country. If they get derailed, they're going to be headed in the same direction as the Soviet Union. China will do anything to prevent that from happening, including invading their neighbors. China is a nation of pride, there is no way they're going to let their nation fail.

When the Soviet Union collapsed, the citizens didn't much care because at least the Vodka was still cheap!

Re:It will be short lived (0)

Anonymous Coward | more than 7 years ago | (#18388077)

China monitors their internet very closely, they know who the criminals are. They will be shut down soon because to let them continue would 1) be an embarrassment to China, and 2) could have disastrous economic consequences.

Just like they know who the pirates are and will swiftly bring them down and not just a couple of sacrificial sheep? http://www.wired.com/wired/archive/13.10/guthrie.html [wired.com]

When it comes down to it, these trojan authors are no real threat to China in terms of international politics. They've made it clear what their main priority is when it comes to their Great Firewall: the suppression of internal dissent.

Re:It will be short lived (1)

Gerzel (240421) | more than 7 years ago | (#18389745)

Besides, why would they push down the talented individuals in their midst, esp if those individuals are stealing from OTHER countries.

Re:It will be short lived (1)

JRHelgeson (576325) | more than 7 years ago | (#18389915)

You're supporting my point with the link to pirated DVDs. The manufacture of pirated DVDs and the theft of intellectual property is pumping billions of dollars into the Chinese economy each year. They're not about to cut off their cash flow.

So, yes, when it came to "shutting down" DVD pirates, they made a few walk the plank just for show... then business as usual.

There is nothing but shame that can come to China if they let cyber crime run rampant within China as well as against other externally connected networks. China is just going through the 2nd stage of the script kiddie phase where people have been connected long enough to really know how to do some damage (which is right where Russia was 5 years ago).

Of course, Russia has "level 3" hackers and they pose the most serious threat. Chinese will follow the same path as America has in that the Script Kiddies will grow up and get jobs in the IT field. The Russians didn't have that option, when they grew out of the Script Kiddie phase, they couldn't just go out and get a job in IT, there is no IT in Russia. So they set to work writing all the nasty stuff that's floating around today.

Brazil is only 2-3 years behind Russia in their development of online criminals. They've been having people graduate to level 3 now for the past 2 years.

Re:It will be short lived (2, Insightful)

BillyGee (981263) | more than 7 years ago | (#18388177)

Many, if not most, of the "citizens" of the Soviet Union didn't care because the collapse was something they had been hoping for ever since Russia occupied their countries. It meant they could actually buy food in stores, cross the border and not have to support the ethnic Russian population. Never mind the fact that the Soviet Union made Hitler seem relatively harmless considering the number of people murdered or sent to prison camps.

Re:It will be short lived (1)

cyfer2000 (548592) | more than 7 years ago | (#18388205)

If you don't know what is this [china.com] , you know nothing about the online world of China.

Re:It will be short lived (1)

DDLKermit007 (911046) | more than 7 years ago | (#18388633)

Then please, state what it's symbolizing so the rest of the ignorant masses can know. The first impression is a pyro panda.

Re:It will be short lived (1)

cyfer2000 (548592) | more than 7 years ago | (#18390971)

This is the logo of a recent worm/virus widely spread in China. It infects .exe, .com, .pif, .src, .html, .asp, .jsp, .php... If the infected html stuff appeared on the server, IE users who browsed the web page also got infected. It also stopped the antivirus software and firewall, deleted backups and did other smart things. More than 1 million computers have been infected in China since last October. Although the author of this virus left the name of the city he was living in in the code, the police didn't catch him until February 12th 2007. The virus author tried to find a job in the computer security area, but because he didn't even get a high school degree, nobody hired him. He released code to remove this virus after he got arrested. This is the story of the picture. If some people talk a lot about China but know nothing about this picture, I won't bother too much to read or listen. And I believe you can get your own idea from this story too.

Re:It will be short lived (1)

khallow (566160) | more than 7 years ago | (#18392111)

And what "idea" am I supposed to get from your story? Aside from the claim that "China knows who its criminals are" is wrong. It doesn't seem that illuminating to me.

One Child Law... (3, Informative)

eklitzke (873155) | more than 7 years ago | (#18389649)

I mostly agree with what you had to say. The part about the one child law is not that accurate however, so I wanted to comment on it.

China has bred themselves into a crisis. With their 1 child per couple law that has been in effect for decades, they now have 1 child that is supporting 2 parents who support 4 grandparents as they all move into retirement age. This is a monumental economic problem and is the reason why their economic policy is evolving at a rate that far outpaces the political evolution. External influences are what are changing the Chinese government, causing them to adopt rule sets and make changes that would never come internally.

This hasn't really been in effect for as long as you think. My girlfriend and I are both 20, and her parents were both born well before the one child law. So probably the very first people born under this law have started to have children. I was also told by her family (not sure if this is 100% accurate) that the law works every other generation. So if you were a single child, you can have two children -- and they can have a single child, and their children can have two children, and so forth. In addition to all of this, it is worth mentioning that the population of China is still (slowly) growing, which indicates that the one child law isn't as strictly enforced as you might think.

With respect to the rest of what you said, I agree with a lot of it. External influences dictate a huge amount of the national policy in the country. To even keep up the pace of growth that they have been sustaining for as long as they have shows that they are hugely more aware of international and economic policy than many people give them credit for. At the end of the day, China will do what it needs to do to keep their economy strong and safe.

Re:One Child Law... (0)

Anonymous Coward | more than 7 years ago | (#18392835)

This hasn't really been in effect for as long as you think. My girlfriend and I are both 20, and her parents were both born well before the one child law. So probably the very first people born under this law have started to have children.

The one-child law went into operation in 1979.

I was also told by her family (not sure if this is 100% accurate) that the law works every other generation. So if you were a single child, you can have two children

You're almost right, but this only applies if both parents are single children (whether that was due to the one-child law or otherwise).

There are other limits to the law as well - for example, some ethnic minorities and people living in some rural areas are allowed an extra child.


Slashdot crowd is safe! (2, Funny)

mi (197448) | more than 7 years ago | (#18387929)

to the point where some unlucky persons may be getting some every day.

That's not us. For better or worse...

No news like old news (1)

OriginalArlen (726444) | more than 7 years ago | (#18387957)

Deja-vu, anyone? [google.co.uk]

Without intellectual property... (1)

slashdotusername (1077071) | more than 7 years ago | (#18387991)

Without intellectual property laws, is it even technically illegal to steal passwords in China? I mean, the downsides are obvious, but I don't think that Chinese law is prepared for this sort of thing.

Re:Without intellectual property... (0)

Anonymous Coward | more than 7 years ago | (#18388373)

Without intellectual property laws, is it even technically illegal to steal passwords in China?

Even if your assumption was correct (which it's not - even the US sees Chinese IP laws as acceptable; it's the lack of enforcement they don't like), it wouldn't be relevant. This sort of thing is what computer misuse laws are for.

Re:Without intellectual property... (1)

DigitAl56K (805623) | more than 7 years ago | (#18388575)

I'm not an expert, but I wouldn't call a password 'intellectual property'. It's an authentication device, the electronic equivalent of a physical key. Surely they have locks on their doors in China? And surely stealing a key, or copying it without authorization and then using the copy to gain entry would be a crime?

Oh hmm. (2, Funny)

romland (192158) | more than 7 years ago | (#18388527)

...to the point where some unlucky persons may be getting some every day.

TFS makes it sound as if that is a bad thing.

Welcome to Slashdot, I guess. :)

use linux (1)

anolisporcatus (969211) | more than 7 years ago | (#18389229)

Use Linux and this wouldn't be happening

So how does one say, (1)

ancient_kings (1000970) | more than 7 years ago | (#18390837)

"All your base are belong to us" in Mandarin Chinese?

Hello? This is a WINDOWS problem (1)

toby (759) | more than 7 years ago | (#18391163)

Why aren't Microsoft or Windows mentioned in the headline or summary, since they are the enablers of this entire phenomenon?

Re:Hello? This is a WINDOWS problem (1, Insightful)

Anonymous Coward | more than 7 years ago | (#18391557)

You might want to read this comment before you start the usual MS bashing:
http://it.slashdot.org/comments.pl?sid=227013&cid=18388731 [slashdot.org]
Quote:

It was a very weird attack. My nUbuntu laptop was affected by the iframe which was one of the instant alerts that this had to do with MAC or IP hijacking rather than just a simple virus like a worm.
Web application security is the new "buffer overflow" of the security world. If you think only MS products are affected by this, have a good time getting pwned...

and what was the pwn3d box on the inside running? (1)

Joseph_Daniel_Zukige (807773) | more than 7 years ago | (#18391825)

So there were Linux boxen and Firefox browsers on the inside as well, and they were affected by the attack in the third or fourth wave.

Did you miss that part about there having to be a box (still) pwned on the inside? Yeah, once there's a bot on the inside, no standard browser is safe, but how did that bot get in?

Sure, it _might_ have been a Linux box poorly administered, but then again it might have been just about _any_ MSWindows box.

Odds? Come on, be serious.

The culprit is Bill Gates for insisting on selling OSses and office applications that are unsafe at any speed.

The other culprit is us for buying his hacktrap. We couldn't wait for a safer pace of development, so we drank the koolaid.

Re:regarding the koolaid... (1)

Douglas Goodall (992917) | more than 7 years ago | (#18392669)

OK, so who sold us the first cup of koolaid? Was it the 6502 people, or was it Intel 4004? The pace has increased continually since there were computers that were smaller than a room.

Re:regarding the koolaid... (1)

anubi (640541) | more than 7 years ago | (#18397197)

I think the first "koolaid" was the definable ANSI escape codes. No sooner than those were out, the first "ANSI bombs" appeared. I learned right then and there the danger of letting people run executables in my machine.

I believe the "koolaid of the day" today is Javascript, Media players, and Instant Messenger apps.

Javascript was used to do this particular one. If javascript had not been present here, this would not have happened. I see Javascript to secure computing much as I see a spilled puddle of gasoline to fire safety.

Now, if we could just all agree on a standard public format for images, media, and IM, we could have TRUSTED, PUBLICLY VERIFIABLE programs to read the file and properly present it as image or sound.

The trusted programs mentioned would be incapable of anything but what they were designed to do.

Re:regarding the koolaid... Regarding escape seq,, (1)

Douglas Goodall (992917) | more than 7 years ago | (#18397373)

Funny you would mention the escape sequences :-) Several weeks ago my main Windows XP MCE computer, with hundreds of gigabytes of stuff (none pirated) stored on it had an incident. I had cygwin loaded and updated. I had developed a simple c++ (gnu) program to create html web pages. I was in a cygwin bash window, and I accidentally cat'ed the binary (a.out) of my c++ page generator. Several lines of binary goop appeared on the screen and then the computer froze up. I meant seriously frozen, including the Caps Lock button no longer toggling the LED. I tried to reboot and found the entire system was gone. There was no bootable image, no F8 safe booting options. The hard drive partition was gone, and with it all my files, source code (several days worth) and many things I had downloaded such as public domain ISO images for ubuntu and Oracle Linux... Now I realize it is my responsibility to keep my files backed up, but this was my main, "use every day" box, heavily loaded with MSDN Visual Studio, and Tech Net Plus licensed software. It takes approximately three days of continuous work to load up and configure that box that way, not counting the downloads I would have to redo. All of this because the accidental displaying of binary data in the cygwin bash window blew away everything. This was the final fuck you from Windows and Microsoft for me. It should not be possible to cause that much destruction in such a way. I have now switched completely from the Microsoft environment for all daily work and play. It's too bad about cygwin being part of this trouble, because I thought highly of cygwin for quite some time now. Now I am using a Mac OS X Tiger powered G4 17" flat panel Mac for email, web, downloading and development coding. BBEdit is very cool. I am using ubuntu to cross develop for the gumstix platform (http://www.gumstix.com). I am running Scientific Linux on an old laptop, and between these systems, everything I currently need to do is being done.
I have partaken heavily of the Unix koolaid, but for now, it is sweet.

Re:regarding the koolaid... Regarding escape seq,, (1)

anubi (640541) | more than 7 years ago | (#18414105)

WOW!!!

I have NEVER seen an ansi bomb do THAT much destruction!

Although the embedded "echo 'y' | format c:" came close. Remember that one? Deadly.

I had renamed my format and fdisk command names to mitigate those.

I long for those days where if someone came and messed up my machine, seeing what they did and cleaning up after them was about as simple as mitigating my dog's accidents. It was obvious where the mess was, one just got out the mop or backup disk and cleaned it up. Didn't have to beg someone else for help.

Once the courts decided that Microsoft's "click" agreements and EULAs could legally shield them from product liability, we've had buggy code. I guess we would still have exploding cars if the courts told Ford that they could escape their exploding Pinto tank liability by printing up a little KeyTurn agreement which deemed Ford harmless and you agreed by turning the engine start key.

Just as RIAA is trying to rid the world of piracy by lawsuits, the very same paradigm would be very effective in getting Microsoft and others not to release buggy code that others depend on. But it takes a court system and a Congress that considers our nation's computing infrastructure to be as important as having cars that don't explode.

To me, that should have been part of the DMCA, that is to have companies RESPONSIBLE for the code if they are going to deliberately encrypt/obfuscate it in the light rendering its internal operations opaque to the end user.

But, our Congress is not like my parents. I had to eat my peas if I wanted dessert.

RIAA talked them out of the pea part, and just got the dessert.

I feel the public should hold Congress accountable for this mess, and elect people who WILL codify corporate responsibility into law, just as the RIAA and BSP got Congress to codify the end user's responsibility into law.

Note I never said DMCA was BAD law, I just claim it's an UNEQUAL, UNFAIR law because it only represents ONE party's interest.

confused... (1)

it074771 (1063998) | more than 7 years ago | (#18401711)

So what's the sense of Chinese wall?