Research Indicates Beijing Is World Virus Capital

An anonymous reader writes "The Chinese capital city of Beijing is now a global leader in distributing viruses. According to UK-based managed security services company Network Box, Beijing accounts for 40 percent of all viruses that passed though the company's servers in June, and 5.25 percent of detected spam. This compares with slightly lower percentages for cities in countries noted for having a malware problem. Moscow was second for spam with 5.12 percent, Seoul third with 3.58 percent, Turk in Turkey fourth with 3.4 percent, and London in fifth place at 2.47 percent. 'As more and more users come online in China, there's a good chance those computers are using pirated software without up-to-date security fixes, making them prime targets for hackers who are actually located elsewhere in the world, [Simon] Heron said. Those compromised computers, which are used to send spam and make it more difficult to identify the spammer, are so valuable that hacker gangs have been competing to take over machines. If one gang finds a machine running another gang's Trojan horse program — one that appears harmless to the victim but can be used to control a machine — they'll try to remove the software.'"

Like street gangs...

[EmbeddedJanitor]

Hopefully they get so absorbed in rubbing eachother out that the rest of us can just get on with business as usual.

OMG

[niceone]

OMG Olympic fuelled avian influenza pandemic here we come!?!

Oh, not that sort of virus.

Re:

[IgLou]

Seriously, when I first started reading the post that's exactly what I was thinking! I feel like I might be a little prejudiced in jumping to that conclusion...

Go a month without China

[Original Replica]

Try to live here without buying anything from China. It's gonna be tough, especially if you want to buy shoes or electronics without parts or assembly in the PRC. Here's an interesting article about it.http://www.csmonitor.com/2005/1220/p09s01-coop. html [csmonitor.com]

No surprise really

[southpolesammy]

From a Westerner's perspective, China has the following qualities:

1. Large population
   
2. Growing Internet presence
   
3. Restricted access (both physically and logically)
   
4. Rampant piracy problem
   

This seems like a target-rich environment for black hats to "do business" in.

Windows versus Linux

[goombah99]

One might speculate that it's a good thing for linux (and mac) that China runs on Windows. It's an incubator for this kind of activity. It probably does not help that a lot of the windows is pirated and/or never kept patched. Since linux is even harder to keep patched automatically it would not be a better situation (Flame me if you wish but please don't say something moronic as "its' as simple as "apt-get update-all". And even if you believe that linux is more resistant to holes than windows that's not

Re:

[Anonymous Coward]

It's as simple as "apt-get update-all"

Thank you, thank you, I'll have another show tonight and two more on Saturday. Refer a friend and get 50% off the price of admission.

Re:Windows versus Linux

[99BottlesOfBeerInMyF]

One might speculate that it's a good thing for linux (and mac) that China runs on Windows. It's an incubator for this kind of activity.

From what I've seen you have spam, mostly targeting English speaking Americans and Europeans and you have worms targeting anything with a fast connection, for use as a bot. I suspect that even if China was suddenly all using Red Flag Linux, worms and spam from China would still target the US.

Since linux is even harder to keep patched automatically it would not be a better situation (Flame me if you wish but please don't say something moronic as "its' as simple as "apt-get update-all".

What version of Linux on the desktop do you run? My Kubuntu install pops up a nice GUI when updates are available, and that was the default configuration. It also applies to a lot more of the userland software than Windows update does. I find it a lot easier to keep up to date than my Windows install.

And even if you believe that linux is more resistant to holes than windows that's not an issue: Remember most of these bots come in as trojans not remote execution exploits, and they don't even need to run as root--so linux is not going to be more secure against trojans people welcome into their user spaces.

I think you're mistaken here on several points. First, every study I've seen and the non-public data I have from work shows the majority of infections are from worms that do not involve user interaction, not from trojans. There are a lot more types of trojans, but they just don't spread as quickly and widely as fully automated attacks. If you're counting by infection instead of by number of malware variety, trojans are not the biggest threat.

Second, I do think the design choices of the major Linux distros are more secure than Windows for the most part, but that is not the reason why Linux will always have less chance of malware infection than Windows. Innovation, including innovation into security, is driven by market forces. Windows is a monopoly. When a Windows box is compromised, MS does not lose any money and very, very, very rarely lose any customers. Linux, due to its licensing, will never wield monopoly force in the market, thus it will always respond to the wishes of the users, who also happen to be the developers for the most part. If malware attacks against Linux were to increase in frequency enough so that Linux had to face the same level as Windows, Linux would not fare all that much better at first, but it would quickly develop better security features to mitigate the attacks, probably starting with an SELinux type approach combined with human generated white and grey-lists and some sort of an open verification scheme. User space versus root is not the most granular level of security on all Linux boxes today and if trojans became an issue on Linux, that would expand to consumer desktop systems.

Now just imagine in the future when phones become general purpose computers, not subject to reprogramming by the phone service provider. That's going to be billions of rooted computers. Yikes.

That all depends upon how many OS's and providers for phones their are. If there is a monopoly, yep we'll have terrible security and it will be a mess. If we have a healthy market with multiple competing players, I don't think it will be a serious problem.

Re:

[goombah99]

I agree that diversity helps resistance. But as phones become computers I think we'll also see all the hand-rolled specialty phone OS disappear and standard OS's, fewer in number, replace them. This almost has to happen for develpers to develop apps. At first this may be web-apps of course so there underlying OS is less important. But long term there's pressure to downselect. Cringely thinks everything will be using Flash as a front end, even toasters. At some point the number of OS's will be small enoug

Re:

[99BottlesOfBeerInMyF]

But as phones become computers I think we'll also see all the hand-rolled specialty phone OS disappear and standard OS's, fewer in number, replace them.

So long as no one OS wields enough market influence that it can ignore customers needs, it does not matter. You could have 2 OS's each with 50% of the market, or even 1 OS, so long as it is Embedded linux, and because unhappy customers can fork it, you don't have to worry that security will be ignored.

This almost has to happen for develpers to develop apps.

I disagree. It is just as likely that development environments will evolve to target multiple OS's. We already have that on PC's with Java and Flash and several other environments, and that is where there

Re:

[grcumb]

At some point the number of OS's will be small enough that we've lost the advantage of diversity. Or so I speculate.

I think you're confusing interoperability and consistency with sameness. The latter is neither necessary nor desirable.

Who mod'ed that "interesting"?

[khasim]

Since linux is even harder to keep patched automatically it would not be a better situation (Flame me if you wish but please don't say something moronic as "its' as simple as "apt-get update-all".

Well, it seems that the moderators are as uninformed as you are. Imagine that.

Most current distributions AUTOMATICALLY check for updates.

And they do NOT require "Windows Genuine Advantage" or any such crap (unless you're running Novell). Ubuntu does this flawlessly.

And even if you believe that linux is more resistant to holes than windows that's not an issue: Remember most of these bots come in as trojans not remote execution exploits, and they don't even need to run as root--so linux is not going to be more secure against trojans people welcome into their user spaces.

Actually, at the moment it appears that the majority of NEW infections are coming from holes in IE.

Zombies send out spam telling you that you have a greeting card at site 123.321.123.321 and when you go there, IE is cracked.

So, running Linux WOULD prevent that.

And regarding trojans, Linux makes it FAR more difficult to run software WITHOUT specifically intending to do so than on Windows. So Linux is more resistant to trojans.

Go ahead and claim that just because it is possible for a sysadmin to fuck up his system despite all the precautions otherwise ... well, you know what you're going to attempt to claim.

The fact is that Linux is far more resistant to viruses, trojans and worms.

And that is sufficient because it appears to drop the infection rate below the disinfecting rate. So the threats die because they're cleaned faster than they can spread.

But we've gone over this before and we'll go over this again.

Re:

[stonecypher]

WHAT was that? I couldn't HEAR you. Please speak UP.

Re:

[babyrat]

Hmmm - saying it it's as simple as apt-get update-all would almost be as moronic as stating that linux is even harder to keep patched automatically. Seems pretty much the same to me - click the automatically check for updates/automatically install security updates boxes.

http://www.howtogeek.com/howto/ubuntu/configure-ho w-often-ubuntu-checks-for-automatic-updates/ [howtogeek.com]

One of the nicest features of Ubuntu Linux is the automatic update feature, which helps you keep your computer updated with the latest software a

Re:

[cp.tar]

And even if you believe that linux is more resistant to holes than windows that's not an issue: Remember most of these bots come in as trojans not remote execution exploits, and they don't even need to run as root--so linux is not going to be more secure against trojans people welcome into their user spaces.

And how many Linux users install programs outside their distro's repositories?

Under Windows, you can lure users to download your cursors, smiley collections and screensavers, because downloading from w

Re:

[grcumb]

One might speculate that it's a good thing for linux (and mac) that China runs on Windows.

The government of China has at least two officially supported Linux distributions that I'm aware of. They fund their development and promote them internally as well as internationally. It would be accurate to say that they've got some idea of the relative level of security that Windows and Linux provide, and have made their strategic choice.

Since linux is even harder to keep patched automatically it would not be a b

Re:

[sybesis]

Wow, we could start a movie...Shell hell and the editor of the beast....VI VI VI People would probably go home with a different perspective on how to use their computers. cmd line are faster to do most of the thing i need. And to continue, to protect you computer against malware. you need to watch... The return of the daemon. then killall Or even Cron Jobs log my home

Re:

[bl8n8r]

> One might speculate that it's a good thing for linux (and mac) that China runs on Windows. Um no. http://www.theregister.co.uk/2002/01/04/red_flag_l inux_beats_out/ [theregister.co.uk] http://www.infoworld.com/article/03/09/04/HNredfla g_1.html [infoworld.com]

Re:

[magarity]

You forgot the most important:
5. An extremely corrupt anything-goes-as-long-as-you-have-cash political infrastructure. And I don't mean people from wealthy family tend to be the ones who run for office (in the USA this refers to both parties). I mean if you don't give the policeman enough of a bribe that he bothers to arrest you for jaywalking/software piracy/industrial accidents/mass murder you can give something to the judge and still get out of it.

In Before...

[susano_otter]

..."I blame George Bush".

Re:

[Zonekeeper]

This would be funny, if it wasn't for the fact a large portion of Slashdot's community didn't believe exactly that in some incredibly screwed up set of dreamed-up circumstances.

Re:

[dotfile]

Then obviously you're just not as smart. I had no trouble parsing it, you just have to read all the words.

Re:

[mikael]

..."The Intertubes are blocked again"...

Strange.

[Mockylock]

That's funny, I thought Africa was?

Re:

[Greyfox]

Yeah, look how well it worked for online gambling...

Re:

[eln]

Conclusion: ... G Bush is 100% responsible for failing to stamp out spam.

You just aren't in on the President's brilliant spam-fighting strategy. Once the dollar devalues even more and the economy collapses under the weight of crushing debt, the average American will be too poor to be able to afford C1AL15, even at a discount. At that point, the spammers will stop targeting Americans, and send all of the spam to Europe instead, and Presto! America's spam problem is solved.

Re:

[Anne Thwacks]

Actually, I am a European. My spam problem is entirely composed of people advertising products I dont want, cant pay for, and dont believe I would get if I ordered them.

Notwithstanding the above, ALL credit cards, everywhere, are run by American companies. Bush could stop the whole lot in HOURS.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drpimp]

"restrict use of credit card payments for spam advertised goods"

How do you expect them to do that? Disallow legitimate CC purchases or Viagra, Male Enhancements, stocks, and Spyware protection? Would CC companies fail approval for statements that contain those keywords? I would imagine your reciept does not say "Viagra", it's possible it would say "V14Gr4" before it said the prior. New sites pop up daily, it's not like they can track domains or IP's either. Sounds like yet another step back restricting

Re:

[Anne Thwacks]

How do you expect them to do that?

The creid card companies mantain a tight reign on what there licencees can buy and sell. If you fall out of line, your access is cut off io hours. New sites may pop up daily, but its not that easy to get a merchant account. You have to provide an insane amount of documentation - typically directors of the company to have to hand over passports, marriage licences, firstborn sons, etc. If evidence of promotion via spam was grounds for cancelling merchant accounts, and the

Re:

[drpimp]

While I failed to mention that "following the money" wasn't entirely a bad idea (just to note that), and after hearing your arguments I would say you sound educated on CC companies, but after working with an e-commerce company for 2 years prior to now I can say getting a merchant account to process transactions is not as difficult as you suggest, but you're right they are strict on consequences and items of sale. Secondly, if CC companies are spamming, isn't that the pot calling the kettle black? If that is

Re:

[Ornedan]

The point of the nonsense spam is to mess with adaptive spam filters. The idea is to train the filters so that the relative weight of whether the message looks like gibberish or not is high compared to other factors. Then you make the spam messages you want to actually reach the recipient look like legitimate messages. Of course, I could be wrong about that, since that's just conjecture based on what I remember from my information theory courses.

HTML vs. Text email

[TFGeditor]

"The point of the nonsense spam is to mess with adaptive spam filters."

True.

"The idea is to train the filters so that the relative weight of whether the message looks like gibberish or not is high compared to other factors. Then you make the spam messages you want to actually reach the recipient look like legitimate messages."

Ah, no. The idea is to get past the spam filter with gibberish text but hawk the spamvertized item in a GIF or JPEG that the filter cannot see, but a human can (at least when reading e

Re:

[ThousandStars]

Sorry, you're too late [slashdot.org].

This is what you get...

[E. Edward Grey]

...When you won't allow people to update invalid copies of your software with security fixes. Quite honestly, Microsoft has to bear its share of blame in this. If they would simply make ALL security fixes available to all users no matter whether their copy is legal or not, we might be able to mitigate this problem to some extent.

I'm perfectly willing to admit, however, that you can't make people patch their OS if they don't want to do it.

Re:

[matazar]

you can't fix stupid. The biggest bug in Windows is between the chair and keyboard. The item in question is gullable, has admin privilages, and can run widely dispensed Windows specific code.

I still blame Microsoft.

[khasim]

you can't fix stupid. The biggest bug in Windows is between the chair and keyboard. The item in question is gullable, has admin privilages, and can run widely dispensed Windows specific code.

Now look at Ubuntu.

By default, you are a less privileged user. You have to do RESEARCH on how to log in as the root account. And the people who are most likely to be a problem are the least likely to do the research. This limits the trojan and virus threat.

By default, there are no open ports. This limits the worm threat

Re:

[tknd]

Vista is pretty close if setup correctly.

When Vista first boots, it asks you to create a user account (and optionally password). What it's not clear about, is that this first account is actually the admin account. If you put a password on the admin account and create a regular user account and login with the regular user account, every UAC prompt will require the admin password before continuing. The admin account name/icon will already be selected/shown in the uac prompt and all you have to do is start

Re:

[Anarke_Incarnate]

I prefer the term "Underprivileged User." It makes people want to send you money :).

Re:

[manifoldronin]

What share of blame is there for a company not to service a user who didn't pay?

Microsoft definitely deserves the blame for having the security holes in their products, but your angle is really just high horse riding.

Re:

[E. Edward Grey]

This whole thing about "services" and "didn't pay" with regard to security patches is a model I simply don't agree with. As a perfectly legal Windows user (yes, there are a few of us), my experience is enhanced when ALL users of the product are provided with security updates. I "paid" for my product, so Microsoft can "service" me by keeping illegal copies of their product from turning into germ farms.

Meanwhile, YOU can service me by...wink wink sailor!

Re:

[manifoldronin]

Um, no..., first of all, the whole point of patching up your Windows is so that no matter how screwed up somebody else's is, yours won't be affected. Again, complain about your Windows not being secure enough, but not others'.

Secondly, where do we draw the line if we go down your route? If Microsoft is obligated to "service" you by keep all the illegal copies of Windows updated, why shouldn't it also be obligated to give free upgrade to those customers who aren't willing to? That would "service" you, too

Re:

[Lumpy]

No no NO!
I want microsoft to release a new WGA that shuts down the XP boxes every 30 minutes and also bring up nasty popups of "illegal install" every 2 minutes.

I want them to go HARD and SWIFT on stamping out piracy! It will destroy their OS grip faster than anything else.

I wish they would be vicious on their anti-piracy. They wont because they know that they would die without the piracy.

Re:

[stonecypher]

No; it's what ExampleCorp Farms puts into every pound of mouthwatering sandwich meat.

Re:

[Hognoxious]

Not Constantinople.

Zombies can be tricky

[Tablizer]

What if somebody is simply zombying Beijing servers and/or desktops? It just may mean they have the most zombies, not that the actual perpetrator is there. It would still be considered lax security either way. Unless perhaps some big virus shop chose Beijing as their frame target because of China's already poor reputation in this area such that nobody would look elsehwere once traced there.

Re:

[x3nos]

Not even from TFA, but in the summary:

'As more and more users come online in China, there's a good chance those computers are using pirated software without up-to-date security fixes, making them prime targets for hackers who are actually located elsewhere in the world, [Simon] Heron said. Those compromised computers, which are used to send spam and make it more difficult to identify the spammer, are so valuable that hacker gangs have been competing to take over machines

Apparently not only are Zombies tr

And...

[rajinikanth]

and let me guess, the "UK-based managed security services company Network Box" is trying to get into the Chinese market?

What about Bangkok?

[MMC Monster]

I caught some serious viruses last time I was theer

I believe it.

[Anonymous Coward]

I been monitoring spam, brute-force attacks and other junk that is coming to my network and most of it comes from China recently. It is hard to discern if these are 2nd or 3rd party bot attacks but in the last month I had and still under spam attacks from China, Korea and other locations and China is still number one for me.
China is still "under-development" and I think most systems in China are half-baked that are ripe for botnet attacks so my thinking that the junk is botnets. Don't think I'm against the

Re:

[ls671]

How do you define a spam attack? For me, being under spam attacks is the normal status of my email server and I would tend to beleive it is also the case for most email servers ;-)

I drop connections from hosts listed in spamcop and once I do accept a message, I scan it for spam and viruses and drop it/archive it depending on the results of the scan.

Spamcop or similar rbl are pretty good at listing well known spamming IPs so I did not notice any considerable amount of spam from china recently in the por

Re:

[itsthebin]

I just finished working in china and had quite a few laptops brought to me with problems brought about by trojans and virus' . the thing I noticed was many of the issues were Chinese made for Chinese systems as many of the processes when searched for in Google had no English language results , only Chinese. I believe the main attack vectors are through IE and the official tencent QQ chat client , and the worrying thing was the last 2 laptops had rootkits installed which seemed to be a recent trend. expect

This news story itself is spam?

[Anonymous Coward]

There is no city called Turk in Turkey...

Wrong wrong localization!!! Wrong!!!

[Anonymous Coward]

Turk is not in Turkey country.
Turk is in Uzbekistan country.

The exact localization of the HaXoR is in the UnDeRgRoUnD of this garden [google.com] inside of an anonymous farm.

I have the solution.

[glasn0st]

To guard their citizens against these virus threats, the Chinese government should create a giant firewall and put all their machines behind it!

Oh wait...

uh oh....

[BlaKnail]

Somebody better let Paris Hilton know that Beijing took her title while she was in prison.

Turk in Turkey?

[fincan]

"This compares with slightly lower percentages for cities in countries noted for having a malware problem. Moscow was second for spam with 5.12 percent, Seoul third with 3.58 percent, Turk in Turkey fourth with 3.4 percent, and London in fifth place on 2.47 percent."

As a Turkish guy I would like to state that we don't have any city/town/place called Turk in Turkey. But we have around 65 million Turks living in Turkey. I am really sorry that we don't have a place like the author said but I'll contact the authorities immediately to build a new city named Turk and place all spammers/virus writer in there so you don't have to change your post. We're benevolent people.

Re:Useless Geo Location

[jginspace]

That's what I thought too. I think this gives away the fact that they were using the HostIP location service which is littered with references to 'Turk'. The same service also doesn't identify location to province level in China or Korea. For Chinese netblocks the whois records will invariably give the address as 'Beijing' with only the description pointing to the province which in fact owns the address. For Korea there's little information at all. Nothing in whois and none of the main Geoip services can sh

Re:

[1u3hr]

Almost as silly as "Turk in Turkey", is "Beijing kept the number one spot for malware, followed by Wattleup, Australia, at 3.7 percent"??? Wattleup? That exists, all right. It's a suburb of Perth [domain.com.au] with a population of 8443. Must be all spammers, each with a rack of servers they tend after they've settled the sheep down for the night.

What a load of crap. So how reliable is the "China == virus capital of the universe" conclusion all the xenophobes are hyperventilating about here? Perhaps Beijing is the sweet

What about the great firewall of china?

[Scrameustache]

Couldn't it be diverted from it's propaganda goals to also filter for malicious traffic?

Censorship != Propaganda

[MarkByers]

Couldn't it be diverted from it's propaganda goals to also filter for malicious traffic?

You mean censorship? Propaganda is what you read on sites like Slashdot. Both are bad, but they are not to be confused with each other.

Bag it, and get on with it!

[turgid]

As a friend of mine always said, bag [durex.com] it and get on with it.

The Great Firewall of China

[Nom du Keyboard]

How is it that the Chinese are so good about keeping out what they don't want their culture to learn about the rest of the freedom loving world, and so incredibly lousy about keeping in what they shouldn't be spreading to anyone else?

you dont know how big virus issue is in Turkey

[unity100]

most of the turkish internet users use internet for limited purposes - using MSN messenger to chat (generally during work), chain mailing each other and 20-30 lot lists various forwarded email messages that are "funny", "interesting" or "cool", (most of them are powerpoint slideshows, which are widely used to spread viruses), and idiotically clicking on links in chain forwarded emails that are supposedly sent by their "friends" - which takes them to trojan, keylogger, virus anything malicious sites.

this

Re:

[JustNiz]

Isn't it amazing how Microsoft seem hell-bent on continuing to make their products just ideal for sending virusses.

It seems powerpoint and word are both designed to just blindly execute whatever is embedded in their document formats. Talk about a ridiculous strategy. Why have a program execute documents in the first place?

Re:

[unity100]

in turkey, they use their both pcs, work and home, without discriminating. since they are more bored at work, crap happens more at work.

Which kind?!

[Hyperspite]

When I saw the headline, I thought: "Which kind of virus?"

Social change is needed

[webtron]

The People's Republic of China spends a considerable amount of attention on limiting what ordinary citizens are able to see on the Internet and this concerns many people in a variety of marginalized groups in the country. People in the West often complain at how unjust this is but the companies making the products to do it are in our own back yard. Beijing has it's fare share of academics being the capital of a country and all, so I think stomping out some unruly computer virus must not a priority. Maybe

psycology of virus writers

[Jorgandar]

I still wonder about the psycology of people who choose to write viruses. These people are writing programs to intentionally damage peoples lives. I wonder if they actually understand the consequences of what they're doing? (not law-based consequences, but the fact that they're hurting innocent people). Do they not care? Or is it the same cry for attention and help that other people (non virus-writers) express in different ways. Why is china in the lead? perhaps these people are unhappy with their li