Malware openly available in China, researchers say
Developers sell subscription programs, upgrade services for hacking
Computerworld - LAS VEGAS -- China's rapid emergence as a hotspot for criminal hacking activities is enabled by the open and unfettered availability of sophisticated hacking tools, according to security researchers attending the Black Hat conference here this week.
Many of the hacking tools are inexpensive, highly customizable, and easy to use.
Most of the early users of the malware products have sought to steal from online gaming accounts inside China. But now experts are seeing much broader use of such tools.
Hackers in China are developing malicious software "almost like a commercial product," said Val Smith, founder of Attack Research, a Los Alamos, N.M.-based security firm. The products come complete with version numbers, product advertising, end-user license agreements and 24-hour support services, he said.
They are "rapidly deploying very easy to use tools for cutting edge exploits," Smith said at a Black Hat presentation on Wednesday. "Their community is huge because [the malware] is easy to use," while at the same time many of the exploits are very advanced, he added.
Unlike in the U.S., the buying and selling of hacker tools in China takes place mostly in the open, said Anthony Lai, a security researcher with Valkyrie-X Security Research Group (VXRL), a Hong Kong-based non-profit firm. Often, all that's required to find and purchase a malware program is the ability to use a browser and search engine, he said during a talk at Black Hat.
Most of those selling malware products make little effort to conceal their activities. In fact, many openly advertise their wares and their capabilities through search engines like Baidu.com, he said. Customers can buy the malware they need for less than $20 or sign up as subscribed members and get regularly updated supplies of the tools, Lai said.
The hacking tools run the gamut and are often designed for off-the-shelf use. Many offer exploit generators that allow more sophisticated hackers to carefully customize malware for specific needs by using graphical user interfaces, Lai said. The GUIs let wannabe hackers specify what they want the program to do, for instance, whether they want it to steal data, capture screens, log keystrokes, remotely control a system or undertake any other task.
Some check boxes let malware purchasers decide what kind of obfuscation and hiding methods they want to use to evade detection by security tools, while others walk them through the deployment and updating process, Lai said.
It's not unusual for those selling malware programs to let buyers first test out the products before buying them and to offer regular product updates and phone numbers to call for support services. Statistical tools are also available to help buyers keep track of the systems they have infected.
China's hacking abilities have received increasing scrutiny following Google's disclosure earlier this year that its servers had been hacked, apparently by hackers based out of China.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.