    This is part of a series of blog posts discussing the Chinese underground. The previous parts may be found here:

    The full paper can be found here.

    The third value chain – Internet resources and services abuse – has a somewhat unique role, in that it facilitates all the other value chains. Without malicious servers and bots at their disposal, the theft of both real money and virtual assets would be more difficult.

    The architecture of this value chain can be seen here:

    Broadly speaking, many similarities exist with other underground economies, although some aspects are unique to the Chinese underground. In particular, the concept of “hanging on” software is unknown outside of China. “Hanging on” software allows people to, in effect, voluntarily lend their systems to botnets in exchange for promised payment.

    Similarly, there are monetization schemes that are unusual in other countries. The sale of fake professional certifications in China is commonplace; the arrests of one gang engaged in this activity netted 165 people. Other profit methods such as DDoS attacks, spam, malware sales, click fraud, and PPI (pay-per-install) affiliates are already known from other underground communities.

    Terminology and Example

    An example of these sorts of schemes and attacks was demonstrated in 2009. Two defendants were arrested for carrying out DDoS attacks against an unidentified online game. They were able to extort 500 million units of in-game currency, which they sold in the underground for 18,750 renminbi (approximately 3000 US dollars).

    The DDoS – referred to as a “swordsman stress test” (剑客压力测试) – was carried out using software purchased in the underground market. The software cost 788 renminbi (approximately 125 US dollars) and came with 500 compromised machines to carry out DDoS attacks. The suspects then bought more compromised machines (which they referred to as “chickens”) to add to the power of their DDoS attack.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice