Pro-Tibet rootkit Trojan poses as cartoon

Re: Exe

And i thought china was decent...

executables

anyone stupid enough to open such executables, deserves a virus, too bad normal, responsible users will also be affected by it in the long run.

Ominous

A previous rootkit that is an obvious attempt to collect names and information on Tibetian freedom fighters (or "terrorists" if you ask China) from user databases and now this, another virus intended to keylog a target audience who is sympathetic to Tibet or anti-Chinese government - When will the world at large wake up and realize that China as a government is funding cyberterrorism?!?!? Everyone is quick to point out the obvious that Windows users shouldn't click on .exe's (duh!) dosen't anyone see the bigbrother scary aspect and the damage that a government funded agency can do when supporting illegal activity? (This has to be in violation of several peace treaties, and I see it as a hostile act of war) - where is the US / UK government? oh yeah at the trough with the rest of the pigs sucking up the proceeds of chinese slave labor !!!!! Ugghh!!!

So who out there is willing to support a access ban on China?

Block them via BGP at the AS level - then you no longer have to worry about payloads being sent back to foreign countries where no sane law applies. While where at it why don't we throw in Russia, Isreal and few other countries that don't feel like playing by the rules. Then we could move onto to blocking ISP's and companies with poor security policies.

Then onto the indiviuals operators who have shoddy policies - HA! now were safe, oh wait a minute ..... why can't I reach anything anymore?

hmm, maybe just china and russia then, sure they can proxy and get around it, but it would make it harder for them to home stolen payloads since they have to send their stolen data to a compromised machine in a country outside their military control, plus it costs me nothing, and just maybe these extra stepping stones they have to cross to get here allow more chances for detection and response.

(another big sign)

"Web War Two: Attack of the Clowns"

For those not keeping count: "Web War One" was the Estonia / NATO conflict.

http://www.wired.com/politics/security/magazine/15-09/ff_estonia

Attached EXEs were addressed, what, four versions of Outlook ago, one version of Outlook Express ago, and are banned summarily by any ISP with a clue these days. To open this in an e-mail would require a seven year old version of Outlook or Outlook Express and a nine year old version of Windows, and that's after you deliberately turn off the safeties.

I've been waiting seven years for a full on virus war... bring it on so we can predict the death of the Internet. Maybe it'll finally wake folks up to how popular anti-virus software fails to do its job. And, let's not forget that McAfee supplies viruses to China, so we can thank our private security guards for this one.

http://www.theregister.co.uk/2001/04/03/chinese_feds_demand_computer_virus/

@ Ominous

"where is the US / UK government?"

Too busy having fun with Echelon.

If it logs to a known server

Couldn't we solve this in a more responsible manner? I'm fairly sure network admins worldwide wouldn't mind redirecting all the RFC1918-traffic passing misconfigured NAT setups towards that ip. If it still answers to anything after that, we can redirect all the other martian packets there. Think of it as an ip packet recycler.

Now, can we _PLEASE_ have the ip for that server they want traffic to?

//Svein

Sighfest

WW1 was one grumpy Russian, not a government attack. He was sentenced and everything. Do try to keep up.

As for blaming China, that's not *nearly* sneaky enough. This could just as easily be a setup to make China look like villains; there are many axes to grind here. Block off national comms because of one script-kiddy's unsourced, unverified trojan? Get real.

Users will always click on cool-looking stuff. Sigh all you like, that won't stop it happening.

sigfest

"He was sentenced and everything. Do try to keep up."

Sorry, I thought there were dozens of reports of virus and trojans that had their payload depositied to either China or Russia. I wasn't aware that they had caught and sentanced them all.

Seriously though, the problem I was raising is that these governments at the very best are refusing to do NOTHING about serious criminals within their boundaries. More realistically, the government opposition and policitcal enemy targets that keep being the focus of this malware, on top of the relative level of sophistication make me skeptical that this is anything other than government sponsored cyber warefare.

To often these ip addresses route to state sponsored or owned businesses, and the governments are moronically evasive and unresponsive to compaints and inquiries.

One virus that fingered either country and I would say "get real", dozens of incidents over a decade is a serious trend.

Using Chinese government address space from a region in china, and then get China to protect your efforts, that's a realy powerful script kiddy for you.

Some of these cost the westen world a good bit of expense, I sure hope they leaned on local athorites to do Something but nothing happened.

Of course Russia will arrest one dump rogue virus writter, not only is he breaking the law, but he's causing the state undue attention :-)

This is only going to get worse unitl our legislature in the western world undertands the problem better.

Make the Great Firewall of China work both ways

and i have no doubt, a hell of a lot of this stuff would stop (or at the least be offline for the few weeks it takes to set up a new host in Russia/Eastern Europe).

Additionally, somehow it just feels right to me that if one nation's government is going to block all incoming traffic that they dont like, then we should block all outgoing traffic we dont like. Of course the Chinese already have a system in place to check all data entering China, so until we get to that same place perhaps we should just block all data exiting China?

What do you think? Good idea? Bad idea?

Good idea but,

it might be hard to get the govt to go along with the idea.

Great thing about access lists and BGP blocking is you can do it at the individual/company/isp level. Rogue hackers would relocate, but the threat of governments hiding out in their own countries and protecting illeal activities could be addressed.