Trojan horse
Researchers claim to have discovered a centralised group of Trojan activity based in China

China accused of Trojan onslaught

Trail leads back to China-based operations including a government website

Written by Matt Chapman

vnunet.com, 04 Dec 2007

China is to blame for a wave of Trojans infecting PCs around the world, according to a new study.

Web security firm Finjan claims to have uncovered groups distributing content using obfuscated code and a network of websites to bypass traditional security, including one site belonging to a Chinese government office.

Finjan's Malicious Code Research Center said that it discovered a centralised group of activity based in China after investigating a sophisticated attack that used zero-day exploits and other new hacking techniques.

The company's researchers found that some parts of the network led to Trojan sites that exploit browser vulnerabilities and install malware on the user's desktop.

"Once the user's PC has been infected the Trojan starts to send data to other websites in the network which are hard to detect," the report said.

"Additional sites in the network monitor and control the attack using statistics about how many users visit the site and how many got infected."

The Trojans also collect data from the user, including which operating system is used, the applications that are running, personal information such as user names and passwords, and the security products installed.

Finjan explained that the collected information is then fed into other sites which refine the attack.

The news comes as MI5 warned 300 UK chief executives and security experts of an increased risk from Chinese hackers.

A previous attack on UK government servers was blamed on hackers in China, while other governments have also named the country.

These include an attack on the Pentagon in September, one in France in the same month and daily internet attacks in Germany in October.

"This development is disturbing for governments, enterprises and individuals alike," said Yuval Ben-Itzhak, chief technology officer at Finjan.

"Signature-based technologies like antivirus and URL filtering are limited against this type of attack, as the number of vectors and sophisticated structure of the network of websites can bypass traditional information security technology."

Full details of the Finjan study will be revealed later this month.

See also:

reader comments

related articles

Spam

Spammers shift to spreading malware

2007 shows trend away from simply flogging products 04 Dec 2007

 

Security experts petition government on e-crime

Dedicated IT police force needed again 03 Dec 2007

MI5 warns of Chinese hack attacks

Top UK businesses get memo from spymasters 03 Dec 2007

FBI 'Bot Roast' scores string of arrests

Anti-botnet campaign claims success 03 Dec 2007

Under half of IT managers using encryption

Most companies feel secure against data leaks despite HMRC breach 30 Nov 2007

Fasthosts changes user passwords after hack

Web hosting firm acts quickly following intrusion alert 30 Nov 2007

Hackers unleash 'insidious' crimeware attack

Trusted websites turned into traps 14 Jan 2008

Hackers set up stolen FTP account trading floor

Database discovered containing more than 8,700 harvested FTP account details 28 Feb 2008

Hackers turn to drive-by downloads

Organised crime exploiting browser vulnerabilities 13 Feb 2008

latest news

Novell to shuffle EMEA executive pack

Linux vendor shifts partner programme responsibilities to marketing organisation 09 Jan 2009

Ballmer highlights aims for New Year

Ballmer announces Windows 7 beta and future alliances designed to improve information sharing 08 Jan 2009

Active Storage completes UK Jigsaw

Jigsaw unveiled as Raid vendor's first non-US Platinum partner as it launches in Europe 08 Jan 2009

More news

poll

Challenging times ahead?

Challenging times ahead?

Do you think there will be a lot of channel job cuts in 2009?

Previous poll results

Paul Anderson, Trend Micro

Vendor Q&A: Paul Anderson, Trend Micro

During this Q&A session Paul Anderson, UK country manager of Trend Micro talks about the changing threat landscape and how Trend is working with resellers in 2009

Sara Yirrell and Rick Wallis

Vendor Q&A: Rick Wallis, NEC Computers

In this exclusive vendor Q&A, Rick Wallis, UK sales director at NEC Computers talks to CRN editor Sara Yirrell about his firm’s plans for the channel.

More CRN TV

events

Channel Expo 2009 logo

Channel Expo 2009

The UK's top reseller exhibition will return to the NEC on 20 May 2009

CRN Fight Night 2009

The channel's only white-collar boxing event is back

More Events

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Advertisement

White papers

Search white papers

Top categories

Primary Navigation