Trend Micro researcher Lion Gu, together with other security researchers belonging to the China Education and Research Network Computer Emergency Response Team (CCERT) have written a white paper titled Investigating China’s Online Underground Economy containing a comprehensive look into the cybercrime underground in China. The result of months of hard work, research, and thorough analysis, the paper describes the architecture, the targets, and the techniques of Chinese cybercriminals. (The English-language version of this paper was published by the University of California-San Diego’s Institute on Global Conflict and Cooperation.)
As director for Threat Research Martin Roesler noted, what’s clear from the paper is that the Chinese cybercrime underground has adapted to local conditions. For example, online gamers are at particular risk in China. Many Chinese users lack access to online banking (due to financial constraints), making banking fraud unpopular. However, many of these same users spend money on online games, making attacks against these much more popular.
Roesler also notes that mobile users are also at added risk. Many Internet users in China have no fixed Internet access at home, relying instead on mobile access. This means that in China, mobile malware is far more important than it might otherwise be in other regions. Because of the relative lack of availability of other mobile platforms, Android devices are at a particularly high risk in China.
One thing that the Chinese underground market has in common with other regions is its growth. Not only did we see growth in the number of participants and posts made in popular forums; we also saw much interest in underground forums in would-be attackers being tutored by older, more experienced criminals.
This degree of knowledge and understanding of the cybercrime provides Trend Micro with additional information that is useful in providing comprehensive and timely threat protection. Underground monitoring of the global cybercrime underground is routinely carried out by our researchers and engineers, providing improved threat intelligence for all Trend Micro users.
We shall be discussing these, and many more findings, in the next few days.