Chinese Cyber Attacks Increase

ktadmin Post in Identity Theft, News
0

As Reported here, there have been a sharp hike in cyber-attacks from China. Security experts at Finjan examined the new wave of Chinese attacks and the mechanisms used and claims and have identified an “intricate network of connections” between China-based servers run by cyber-criminals. While trojaned systems that initiate the attacks exist all over the world however they are eventually associated with servers registered as Chinese domains. The attackers are spreading the assaults by placing entry points on a variety of websites in different regions and listed differently by URL categorization engines. The infection consists of either an I-frame or a Script tag placed on the website that causes users visiting the site to be attacked. Examples for such entry point regions are shown in Finjan’s December 2007 Malicious Page of the Month Report (free subscription required), and were found on trusted websites in the U.S., China, and Western Europe, including government and education sites. After the victim reaches an entry point, the attackers use dynamic code obfuscation methods to limit signature-based technologies from detecting the attack. The victim is redirected to a series of sites containing I-frames that will eventually force the victim to visit a site that belongs to the Chinese network. In the first part of the actual malicious attack, the cyber-criminals use new or known exploits that will infect the victim with a crime-ware Trojan. “After the initial Trojan is loaded it initiates the downloading of other Trojans from different locations. The compromised computer will then redirect to other sites in order to send statistical information about the infected PC,” the firm stated. “Finjan has discovered that different Trojans send encoded information to the same sites in China that we identified as being unique to the attack.

« Prev: :Next »

Leave a Reply