Technical Report: Studying Malicious Websites and the Underground Economy on the Chinese Web

Together with the researchers from the Chinese Honeynet Project, we also examined the extent of malicious websites on the Chinese Web. Using high- and low-interaction honeyclients, we were able to find about 2,500 sites (1.49% of overall examined sites) that tried to compromise an unpatched system. Furthermore, we also studied the underground black market which is used to trade exploits, malware, and stolen virtual goods. Several measurements provide an insight into the black market on the Chinese Web and show that the attackers are organized pretty well. We published our findings as a technical report to share the lessons we learned.

Abstract:
The World Wide Web gains more and more popularity within China with more than 1.31 million websites on the Chinese Web in June 2007. Driven by the economic profits, cyber criminals are on the rise and use the Web to exploit innocent users. In fact, a real underground black market with thousands of participants has developed which brings together malicious users who trade exploits, malware, virtual assets, stolen credentials, and more. In this paper, we provide a detailed overview of this underground black market and present a model to describe the market. We substantiate our model with the help of measurement results within the Chinese Web. First, we show that the amount of virtual assets traded on this underground market is huge. Second, our research proves that a significant amount of websites within China's part of the Web are malicious: our measurements reveal that about 1.49% of the examined sites contain some kind of malicious content.


The complete report is available as TR-2007-011.


Comments


  1. Heike says:

    This is a fantastic post. I have been looking for a study similar to this for a long time. I study Chinese hackers and this finally explains the economic network that fuels them.

  2. Rodger says:

    Excellent reports! I wish somebody would do some more investigations regarding Romania and Russia.

