China's Internet Under Attack

January 22, 2008 12:00 am Last Updated: January 22, 2008 12:00 am

During 2007, millions of home computers, Internet cafes, and corporate networks in China were affected by virus outbreaks. “This is an industry where profits are higher than real estate,” sighed Wang Lei, a Chinese computer virus vendor during his arrest.


The raging Worm.Nimayam outbreak covered China in two short months. The programmer, Li Jun, was arrested in February 2007 and sentenced to four years in prison, but that did not slow down the virus industry.

The virus acts like a Trojan horse. It is a small program similar to a phone-tapping device hiding in one's computer. It picks up personal information, and thus hackers can manipulate the owner's property (money) or virtual property (such as on-line gaming accounts, e-shopping).

Huigezi (win32.hack.huigezi)

In March 2007, a more powerful virus entered the virtual world: Huigezi. According to incomplete statistics, the direct impact of the Huigezi virus has reached over 20 million yuan (approximately US$2.7 million). One can only imagine how many accounts have been broken into by this virus and how much financial loss has been sustained throughout the country. Even now, Huigezi variants continue to endanger network security.

Experts said that the Huigezi virus is like an invisible thief, who hides in a corner of one's computer and monitors every single move, such as every word typed in a chat program like MSN. Online banking has become the target for obvious reason. Since 2007, there are a number of online bank users whose passwords have been stolen, their accounts invaded, and millions of yuan lost. A survey by iResearch in Shanghai reports that online banking in 2006 sustained losses of over 100 million yuan (US$13 million).

According to statistics from National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), the number of computers in China invaded by a Trojan horse virus in the first half of 2007 has already exceeded the total reported cases in 2006.

Hackers Made in a Day

Tutorials on how to become a hacker are easily found on the Internet in mainland China. As long as the computer operator can type, he or she can join the empire of hackers in a day. According to Economic Information Daily, the virus industry in China has become a well-organized on-line underground business chain, which includes steps of code programming, propagation, stealing account information, and money laundering. Some small- to medium-sized online businesses now have to regularly pay a protection service fee to ensure their e-commerce security.

“There is an obvious sign that shows virus manufacturing has been industrialized—previously, virus programmers simply wanted to show off their technique, now they want their virus be more stealthy. The former looks for popularity, while the latter seeks to hide the virus for profit,” said the secretary of Internet Society of China, Huang Chengqing.

Nowadays, cyber-crime is organized, large-scaled, and quite open. Take the Huigezi virus as an example: the programmer sells the virus to a wholesaler, who then sells to retailers at a higher price. Retailers will then recruit and train rookie hackers and charge them training fees. The rookie hackers then use the skills learned to invade computers for personal information ranging from identification, account numbers, online gaming IDs, even personal video clips. The information gained is used to trade on the Internet, or it is sold to a commercial advertising company, or even used to manipulate the click rate of a certain Web page.

The invaded machines are sold at prices ranging from 1 yuan to over 20 yuan, depending on how long the control lasts. With the average of 100,000 machines a Huigezi virus can invade in a month, a hacker can easily make 10,000 yuan. This does not include the revenue earned through trading with stolen personal information, or from using stolen bank accounts. Because of the ease and anonymity gained, countless people have been pulled into engaging in this abnormal business and the underground market chain becomes even stronger.

To ensure profits, virus programmers have evolved from avoiding elimination by antivirus software to attacking the antivirus software and have even formed collaborative groups.

The secretary of the Internet Society of China, Huang Chengqing, disclosed that virus attacks have recently targeted both pharmaceutical and gaming industries. It has even come to the point that companies have to pay a protection service fee to avoid the attacks. In May 2007, a well-known mainland online gaming company suffered a loss as high as 34.6 million yuan (approximately US$4.6 million) caused by a 10-day network shut-down due to a virus attack.