
China – persistent threat vs convenient “demon”? April 1, 2010

Posted by wastedspacer in IT Security, Notable Incidents, Political Issues, Social State.

When average folk in the US are asked what they think of China, it would seem that they simply parrot much of what the media peddles: human rights abuses, disregard for the concept of intellectual property, stealing manufacturing jobs from the rest of the world, state corruption, militarism, gulags, illegal software, brand-name knockoffs, the source of advanced persistent threats and a lot of other big-brother-state demonizing in general. While there are no doubt factual elements behind some or all of those issues, when an accusation appears the media quickly escalates to the usual feeding frenzy, highlighting any “facts” they can derive from the reports. When it turns out that the issue was perhaps not so heinous, or even a work of fiction, the retractions and general backing-down reports are buried way down the page or ignored completely. Come to think of it, that’s actually pretty normal for just about any sensationalized media news event.

Case in point: the recent accusations of a conspiracy between the infamous Aurora botnet and a series of attacks on US companies – Google, Adobe, Intel, Northrop Grumman et al. This appeared in a recent DarkReading article on the retracted McAfee stance supporting this theory.

DarkReading Article.

This report suggests that China should not always be the usual suspect as the root of all malware. Has McAfee been somewhat hasty in its “cry wolf” analysis that had solidly linked a series of targeted attacks to the overall Aurora malware efforts? McAfee had initially identified China as the perpetrator of the attacks against US companies. Further analysis has since identified this as botnet-establishment malware out of Vietnam that simply happened to end up on commonly infected machines, and that is probably not related to Aurora at all.

Disturbingly, although the malware primarily leverages Chinese services such as 3322.org (a domain service run by one Peng Yong), this may simply reflect the fact that, statistically, Chinese PC users have by far the largest percentage of their population running hacked/illegal OS and application software. Such software typically comes equipped with “free malware”, or is much easier to infect because security update patching is frequently disabled as part of the hack.

It will be interesting to see the knock-on effect of the recent Chinese edict and domain registration crackdown, which requires a verifiable address (in China) and a business registration number along with a head-and-shoulders photograph. This was reportedly brought about (at least according to the Chinese Govt) following the identification of massive numbers of non-Chinese addresses registering .cn domains. GoDaddy recently pulled its .cn registration offering while grumbling about the loss of identity protection; at the same time, the crackdown may have a positive effect on the nefarious use of .cn domains as smokescreens for botnet operations run out of other countries. One wonders if GoDaddy is also inwardly grumbling more about the loss to its revenue stream.

GoDaddy Exits the .cn space.

Excellent HBGary Analysis on Aurora:
