Friday, June 12, 2009

Google's Top 10 Malware Sites & China's Information Warfare

Google's Online Security Blog offers its take on the current epidemic of compromised web servers.

...we constantly scan our index for potentially dangerous sites. Our automated systems found more than 4,000 different sites that appeared to be set up for distributing malware by massively compromising popular web sites. Of these domains more than 1,400 were hosted in the .cn TLD [Ed: China top-level domain]. Several contained plays on the name of Google such as, etc.

The graph shows the top-10 malware sites as counted by the number of compromised web sites that referenced it. All domains on the top-10 list are suspected to have compromised more than 10,000 web sites on the Internet. The graph also contains arrows indicating when these domains where first listed via the Safe Browsing API and flagged in our search results as potentially dangerous.

Other malware researchers reported widespread compromises pointing to the domains and, both of which made it on our top-10 list. For gumblar, we saw about 60,000 compromised sites; Martuz peaked at slightly over 35,000 sites. was also reported to be part of a mass compromise, but made it only to position 124 on the list with about 3,500 compromised sites...

A 2008 issue of IOsphere Magazine described the odd affiliation (PDF) between China's military and civilian hackers.

The most obvious reason for Beijing’s apparent tolerance of the [Hacking] Alliance is that it likely receives valuable information from the group. Thousands of hackers, working around the clock, could surely fill in some of the blanks of a composite intelligence picture. As a civilian organization, the Red Hacker Alliance also provides the government with plausible deniability.

Even if Alliance members are caught red-handed breaking into a system, it is easily disavowed as the actions of overzealous youth, not that of the government. In December 2005, as accusations of China’s involvement in government-sponsored hacking heated up, People’s Republic of China Foreign Ministry spokesman Qin Gang flatly denied charges of PRC government involvement, asking the US to produce any information proving these allegations...

China's hazy lines between military and civilian information warfare complicate matters greatly. One wonders whether the U.S. could employ similar measures to protect and defend the nation's infrastructure.

No comments: