http://www.cisrt.org/enblog/index.php en-US http://www.cisrt.org/enblog/read.php?258 smallmo <smallmo@cisrt.com> Mon, 05 Apr 2010 08:38:01 +0000 http://www.cisrt.org/enblog/read.php?258 Jiangmin Anti-virus Company.

Mr.Jiangmin Wang, Branch Chairman of Jiangmin, died in Beijing due to illness at 9:20a.m. on April 4, 2010.

The color of the chinese homepage of Jiangmin has turned to be gray.

]]> http://www.cisrt.org/enblog/read.php?257 smallmo <smallmo@cisrt.com> Tue, 12 Jan 2010 02:47:05 +0000 http://www.cisrt.org/enblog/read.php?257 Baidu.com, the most popular search engine in China, had been unavailable since this moning.

As the time of writing, Baidu.com is also unavailable.

We noticed this case may be caused by DNS hijacking by the “Iranian cyber Army”, the same guys we mentioned several weeks ago.

A related news: Baidu, China’s Largest Search Engine, Hacked by “Iranian Cyber Army”

............

Tags - baidu.com , dns , hijack ]]> http://www.cisrt.org/enblog/read.php?256 smallmo <smallmo@cisrt.com> Fri, 18 Dec 2009 08:31:18 +0000 http://www.cisrt.org/enblog/read.php?256 Sans.org reported that Twitter outage via DNS hijacking.

A reader posted a image in the comments of this report.

http://i.imgur.com/Q1EgM.jpg


Tags - twitter , hijack ]]> http://www.cisrt.org/enblog/read.php?244 hzqedison <hzqedison@cisrt.org> Thu, 02 Apr 2009 17:52:47 +0000 http://www.cisrt.org/enblog/read.php?244
I just want to tell everyone Conficker infected machines in China only a little.About only hundreds of thousands(China has about 300 million Internet users).

Why so little?To be continue in next article.I will tell  everyone more.
Tags - conficker , popularchina ]]> http://www.cisrt.org/enblog/read.php?243 hzqedison <hzqedison@cisrt.org> Thu, 26 Feb 2009 18:13:00 +0000 http://www.cisrt.org/enblog/read.php?243   I was the new member of Chinese Internet Security Response Team(C.I.S.R.T.) .My username hzqedison in Chinese Security forums.My research interest focuses on malware originating from China.
  The World Wide Web (WWW) becomes more and more important each day within China. A large number of Chinese Internet users enjoy the convenience and flexibility the Web brought them, from searching for information, online entertainment to e-business, and e-finance. According to the latest Alexa Globaltop 500 websites list (32 Chinese websites are in the list), there are four different types of successful and well-known sites within the Chinese Web: the first type of websites are search engines, including Baidu, Google.cn, Yahoo! China, Tencent’s SoSo, and Sohu’s Sogou. Among them, Baidu and Google are the most popular ones. The second category contains portals and navigation sites. Among the seven sites belonging to this category, Tencent’s QQ, Sina, NetEase 163, Sohu, and TOM are listed in the top ten Chinese websites. The third type of sites is related to e-business: the Taobao C2C (customer-tocustomer) online business platform and the Alibaba B2B (business-to-business) platform – both operated by Alibaba group – are well-known within the Chinese Web. The last type of sites contains sites in the area of online entertainment and virtual personal space, including YouTube-like sites such as 56.com,tudou, ku6, several myspace-like sites such as Tencent's Qzone,kaixin001.com,Discuz!'s UChome,and others.There is also the other side of the coin: targeting the virtual assets owned by the normal Chinese Internet users, malicious attackers discover the Web as a new venue for making money by exploiting innocent users. A common theme is to inject malicious code into a bought or compromised website. The injected code exploits an unpatched client-side vulnerability: each time a user with a vulnerable version of a browser or related application visits this site, his machine is compromised and some kind of malware is automatically installed. This kind of attack is also called drive-by-download attack.The malware is quite often some kind of Trojan Horse that searches for valuable information on the victim’s machine and then sends the information back to the attacker, who in turn can sell this virtual good to other attackers or innocent users.
  I want to tell all of us what phenomenon on the Chinese web in more detail.Why so many inject malcode into websites(drive-by-download attack)?Everyday,I post some inject malcode into Chinese websites in CISRT simplified Chinese blog.My English is very poor,but I will try to write something about malware originating from China in English.thanks！
                                                                                             by hzqedison[AT]cisrt.org
Tags - cisrt , drive-by-download , attack , malcode , hzqedison ]]> http://www.cisrt.org/enblog/read.php?229 smallmo <smallmo@cisrt.com> Wed, 06 Feb 2008 05:59:33 +0000 http://www.cisrt.org/enblog/read.php?229
............

Tags - chinese new year ]]> http://www.cisrt.org/enblog/read.php?122 smallmo <smallmo@cisrt.com> Sat, 07 Jul 2007 10:58:36 +0000 http://www.cisrt.org/enblog/read.php?122 a false detection case about Kaspersky.

After that, on May.23, Rising released an announcement which claimed that Kaspersky's anti-virus products had mistakenly identified and deleted non-virus related files 22 during a six-month period, and that Kaspersky "showed despise for Chinese users".

And on July.5, Rising released another announcement about the other six false detections of Kaspersky in recent two weeks.
............

Tags - kaspersky , rising ]]> http://www.cisrt.org/enblog/read.php?102 smallmo <smallmo@cisrt.com> Sat, 19 May 2007 14:53:08 +0000 http://www.cisrt.org/enblog/read.php?102
Yesterday, false detection case from Symantec. Today, another false detection case from Kaspersky.

Some Chinese users tell us that Kaspersky detects "rsaupd.exe" as Trojan.Win32.Inject.av today. "rsaupd.exe" is a program of Rising AntiSpyware software, which is used to update the databases.  
............

Tags - rsaupd.exe , trojan.win32.inject.av , rising , antispyware ]]> http://www.cisrt.org/enblog/read.php?100 smallmo <smallmo@cisrt.com> Fri, 18 May 2007 15:51:56 +0000 http://www.cisrt.org/enblog/read.php?100

............

Tags - netapi32.dll , lsasrv.dll , backdoor.haxdoor ]]> http://www.cisrt.org/enblog/read.php?69 smallmo <smallmo@cisrt.com> Sun, 01 Apr 2007 09:38:14 +0000 http://www.cisrt.org/enblog/read.php?69 reported yesterday has realized it will be very serious if his or her worm infects lots of Chinese computers. Maybe he(or she) doesn't want to be arrested like Li Jun, the author of Worm.Win32.Fujacks.

In the latest version of this .ani worm, he(or she) has removed the function of infecting .HTML .ASPX .HTM .PHP .JSP .ASP files, and inserting the malicious links which contained Windows Animated Cursor Handling zero-day vulnerability into these files. He(or she) also leaves a message that he(or she) doesn't want to destroy any computers, destroy any documents, infect system files in the worm body.
............

Tags - trojan-downloader.win32.agent.bky , macr.microfsot.com , a.2007ip.com , vulnerability , .ani , microsoft ]]>