Research Indicates Beijing Is World Virus Capital

An anonymous reader writes "The Chinese capital city of Beijing is now a global leader in distributing viruses. According to UK-based managed security services company Network Box, Beijing accounts for 40 percent of all viruses that passed though the company's servers in June, and 5.25 percent of detected spam. This compares with slightly lower percentages for cities in countries noted for having a malware problem. Moscow was second for spam with 5.12 percent, Seoul third with 3.58 percent, Turk in Turkey fourth with 3.4 percent, and London in fifth place at 2.47 percent. 'As more and more users come online in China, there's a good chance those computers are using pirated software without up-to-date security fixes, making them prime targets for hackers who are actually located elsewhere in the world, [Simon] Heron said. Those compromised computers, which are used to send spam and make it more difficult to identify the spammer, are so valuable that hacker gangs have been competing to take over machines. If one gang finds a machine running another gang's Trojan horse program — one that appears harmless to the victim but can be used to control a machine — they'll try to remove the software.'"

Re:In Before...

[Zonekeeper]

This would be funny, if it wasn't for the fact a large portion of Slashdot's community didn't believe exactly that in some incredibly screwed up set of dreamed-up circumstances.

Windows versus Linux

[goombah99]

One might speculate that it's a good thing for linux (and mac) that China runs on Windows. It's an incubator for this kind of activity. It probably does not help that a lot of the windows is pirated and/or never kept patched. Since linux is even harder to keep patched automatically it would not be a better situation (Flame me if you wish but please don't say something moronic as "its' as simple as "apt-get update-all". And even if you believe that linux is more resistant to holes than windows that's not an issue: Remember most of these bots come in as trojans not remote execution exploits, and they don't even need to run as root--so linux is not going to be more secure against trojans people welcome into their user spaces.

Now just imagine in the future when phones become general purpose computers, not subject to reprogramming by the phone service provider. That's going to be billions of rooted computers. Yikes.

Zombies can be tricky

[Tablizer]

What if somebody is simply zombying Beijing servers and/or desktops? It just may mean they have the most zombies, not that the actual perpetrator is there. It would still be considered lax security either way. Unless perhaps some big virus shop chose Beijing as their frame target because of China's already poor reputation in this area such that nobody would look elsehwere once traced there.

I believe it.

[Anonymous Coward]

I been monitoring spam, brute-force attacks and other junk that is coming to my network and most of it comes from China recently. It is hard to discern if these are 2nd or 3rd party bot attacks but in the last month I had and still under spam attacks from China, Korea and other locations and China is still number one for me.
China is still "under-development" and I think most systems in China are half-baked that are ripe for botnet attacks so my thinking that the junk is botnets. Don't think I'm against the Chinese since I'm Chinese also and seen the fair amount of bad configurations, software and hardware that Chinese have and they have a headache beyond any system administrator's nightmare. But who is controlling the botnet I would like to know since there is so much junk other there I barely have anytime to defend against it.

Who mod'ed that "interesting"?

[khasim]

Since linux is even harder to keep patched automatically it would not be a better situation (Flame me if you wish but please don't say something moronic as "its' as simple as "apt-get update-all".

Well, it seems that the moderators are as uninformed as you are. Imagine that.

Most current distributions AUTOMATICALLY check for updates.

And they do NOT require "Windows Genuine Advantage" or any such crap (unless you're running Novell). Ubuntu does this flawlessly.

And even if you believe that linux is more resistant to holes than windows that's not an issue: Remember most of these bots come in as trojans not remote execution exploits, and they don't even need to run as root--so linux is not going to be more secure against trojans people welcome into their user spaces.

Actually, at the moment it appears that the majority of NEW infections are coming from holes in IE.

Zombies send out spam telling you that you have a greeting card at site 123.321.123.321 and when you go there, IE is cracked.

So, running Linux WOULD prevent that.

And regarding trojans, Linux makes it FAR more difficult to run software WITHOUT specifically intending to do so than on Windows. So Linux is more resistant to trojans.

Go ahead and claim that just because it is possible for a sysadmin to fuck up his system despite all the precautions otherwise ... well, you know what you're going to attempt to claim.

The fact is that Linux is far more resistant to viruses, trojans and worms.

And that is sufficient because it appears to drop the infection rate below the disinfecting rate. So the threats die because they're cleaned faster than they can spread.

But we've gone over this before and we'll go over this again.

I still blame Microsoft.

[khasim]

you can't fix stupid. The biggest bug in Windows is between the chair and keyboard. The item in question is gullable, has admin privilages, and can run widely dispensed Windows specific code.

Now look at Ubuntu.

By default, you are a less privileged user. You have to do RESEARCH on how to log in as the root account. And the people who are most likely to be a problem are the least likely to do the research. This limits the trojan and virus threat.

By default, there are no open ports. This limits the worm threat.

People can STILL manage to get their Ubuntu machines infected. But it takes a LOT of work on their part and it's very easy to clean them.

Once the infection rate falls below the disinfection rate, the "threat" dies.

Microsoft is TRYING to get around to doing this. But they're still learning. Maybe Vista +1 will follow Ubuntu's lead.

Re:Follow the money ...

[Anne Thwacks]

How do you expect them to do that?

The creid card companies mantain a tight reign on what there licencees can buy and sell. If you fall out of line, your access is cut off io hours. New sites may pop up daily, but its not that easy to get a merchant account. You have to provide an insane amount of documentation - typically directors of the company to have to hand over passports, marriage licences, firstborn sons, etc. If evidence of promotion via spam was grounds for cancelling merchant accounts, and the credit card companies were required to enforce this, then it would stop because it would be pointless. Currently the credit card companies make millions from spam, and will not act against it unless forced to by the government, because they are required by law to act in their shareholders best interests.

I sure as hell want your freedom to have your fellow countrymen send me several thousand spams a day promoting illegal, fake goods curtailed. You are free to provide me your e-mail address so I can forward all my spam to you if you like.

I assure you that educating people, while worth trying, fails on the PT Barnum test - "there's one born every minute".

The Great Firewall of China

[Nom du Keyboard]

How is it that the Chinese are so good about keeping out what they don't want their culture to learn about the rest of the freedom loving world, and so incredibly lousy about keeping in what they shouldn't be spreading to anyone else?

Go a month without China

[Original Replica]

Try to live here without buying anything from China. It's gonna be tough, especially if you want to buy shoes or electronics without parts or assembly in the PRC. Here's an interesting article about it.http://www.csmonitor.com/2005/1220/p09s01-coop. html [csmonitor.com]