Archive

Posts Tagged ‘China’

China Mandates Spying Software – Green Dam

by log0 on June 16th, 2009

China now mandates that all PCs sold on July 1st 2009 have content-control software called Green Dam (綠壩) installed.

Not sure how widely this is reported outside of China, but I should bring it to your attention here.

The protests, of course, are present. Chinese people are not stupid, but…

On 10 June, amidst massive criticism circling within the internet about the software and the MIIT’s directive, the Publicity Department of the Communist Party of China Central Committee, the agency responsible for censorship, issued an instruction attributed to “central leaders” requiring the Chinese media to stop publishing questioning or critical opinions. Reports in defense of the official stand appeared subsequently, with a commentary by the state-run Xinhua news agency saying “support largely stems from end users, opposing opinions primarily come from a minority of media outlets and businesses”.[20][21] The instruction also required online forums to block and remove “offensive speech evolved from the topic” promptly.[22] Zhang attacked the Wolchok et al report as irresponsible action and breach of his company’s copyright, and said that Jinhui had been ordered to patch the weaknesses.[23]

So, there goes the end of the newspaper. What is left? I heard a term called propaganda. =)

I will not discuss the political implications since they are so painfully obvious. If you do not see them, do a search and study; then you will see how ridiculous it is to believe in the benevolence.

On the other hand, this software is buggy. Although the development company, JinHui, claims “all software has a bug”, it seems to mean it is OK to have bugs that can root the whole of China. I guess that is good news for the cybercriminals. I could hear them giggling, ready to pwn n00bies!

Anyway, here is an interesting security analysis from The University of Michigan.

Summary: We have discovered remotely-exploitable vulnerabilities in Green Dam, the censorship software reportedly mandated by the Chinese government. Any web site a Green Dam user visits can take control of the PC.

According to press reports, China will soon require all PCs sold in the country to include Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material.

We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.

We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.

You see, the problems will just continue to arise. Workarounds will be distributed. Well. What’s next? Hardware rootkits? Let’s look forward to 1984.

Malware

The Spike in Reported Porn

by log0 on April 18th, 2009

A slight follow-up for those who read the short China report.

As Tim in the previous post and some other fellow readers notified me, an extension of an anti-porn campaign took off last January, which is likely the indirect reason the number of reported incidents was driven up over the last 3 months. The timeframe fits right into it, though this by no means proves a direct relationship.

You can read more here, here and here.

Malware

A Glimpse of Cybercrime Behind the Great Firewall

by log0 on April 16th, 2009

The Microsoft Security Intelligence Report v6 is out, but I find little information on China in it. Nevertheless, the China Internet Illegal Information Reporting Centre (CIIRC/违法和不良信息举报中心), whose mission is to deal with offending websites in China, also publishes numbers that can show us what is going on in China. It was established in 2004.

There is no formal mapping between the Chinese and English terms, and hence I will define them unofficially below for your understanding. It is by no means accurate.

[Image: definition_c2e]

-

Total number of reported incidents to the CIIRC over the last 3 years.

[Image: total_number_of_reports_over_3_years]

Notice that the number of reported incidents did not rise significantly over time.

-

The two largest reported categories, as a percentage of all reported incidents, are phishing and porn (which is illegal and banned in China).

[Image: trend_of_phish_and_porn_3_years]

Phishing and porn made up on average 78.83% of reported incidents over the last 3 years. In particular, phishing consistently accounts for a large percentage, which makes us curious about the state of security in the business world. Porn is still always the big player, even though China has banned it.

-

Trend of all other activities, excluding porn and phishing, as a percentage over 3 years in China.

[Image: trend_of_other_activities_3_years]

Cult preaching, moral offense, party and government offense, constitution offense, gambling, violation of intellectual property and, surprisingly, malware as well, make up only 21.7% on average over the last 3 years. As the Microsoft Security Intelligence Report v5 (Jan~Jun 2008) suggests about malware, China is not as heavily affected as Russia, North Africa, and the North and South American continents.

-

Some of the more interesting and very vague types of reports in China, and probably some you do not want to touch: moral offense, violation against the Constitution, and offense against the Party or the Government. Trend of various offenses over 3 years in China.

[Image: trend_of_various_society_offenses_3_years]

Although moral offense, party and government offense, and constitutional offense contribute only a fixed percentage of the whole, they have shown an increase in the absolute number of reported incidents. There is a spike in May 2008, and I am not sure what the reason is.

-

Trend of violation of intellectual property over 3 years in China.

[Image: trend_of_ipvio_3_years]

The common knowledge is that the Chinese do not respect intellectual property. Violation of intellectual property has shown an increasing trend over the last 3 years.

-

Trend of gambling content over 3 years in China.

[Image: trend_of_gambling_3_years]

The odd saying is that the Chinese love to gamble. Gambling has shown an increasing trend over the last 3 years.

-

Trend of porn and obscene contents over 3 years in China.

[Image: trend_of_porn_3_years]

Oddly, did Feng Shui suggest that Spring 2009 is the best time for mating? Porn has shown a large increase in the number of reported incidents lately.

-

Summary:

The data above suggests a growing cybercrime community in China, whether organized or not. Previous reports have suggested that cybercriminals are increasingly attached to China. Also, phishing and porn are still large contributors to cybercrime. Malware plays a less important role here, for reasons unknown. However, local Chinese security companies do offer their own localized flavour of defenses, so a deeper investigation into the state of China is perhaps well worthwhile.

Source: http://net.china.com.cn – 违法和不良信息举报中心

Malware

Is China That Safe?

by log0 on December 25th, 2008

The January to June SIR (Microsoft Security Intelligence Report) shows interesting trends in the number of malware-infected computers in different countries per 1000 Malicious Software Removal Tool (MSRT) executions.

[Image: spamcountry]

Quoting Terry’s analysis:

Rough Translation: the more familiar with computers your user base is, the less likely they are to have their systems infected with malware.

Japan, Sweden and Germany are exceptionally good. China, um, not bad! That’s a yellow, which is a range of 6~8 infections per 1000 MSRT executions. But I think there’s a catch here:

A huge portion of the personal-use Windows population in China, Hong Kong and Macau does not use genuine Windows, which shields them from the Malicious Software Removal Tool (MSRT).

Consider that if I dump my MSN logs, there are those Instant Messenger malware hyperlinks from quite a good number of contacts on my MSN list. Is the general population that tech savvy? And do not forget about the trojaned pirated Windows installation discs out in China. I wonder how accurate this map is now. I should let the authors clarify. =)

Malware

Time for Sharing

by log0 on December 21st, 2008

Page 1. The OnHacks team is born. We are a group of geeks gathering together to exchange what we know about security and malware, spanning web applications, networks, operating systems, cryptography, and much much more. We think such knowledge should be shared with whoever is interested, following the many generous hackers who strove to share their knowledge.

Our posts will be mainly in English, but in general we will try to include Cantonese and Simplified Chinese support, so as to share across China.

Random Chatter