Inside the Chinese malware economy

German and Chinese researchers have just released a study that explores the world of Chinese commercial cybercrime. The researchers set up virtual PCs running Internet Explorer, then visited nearly 15,000 Chinese websites, deliberately infecting their virtual systems with whatever crapware those sites happened to serve. Then they carefully analyzed the infections as they unfurled and encrappified the virtual instances of Windows, and used the results to reverse-engineer the way that the malware economy runs.

"The Virus Writers take care of implementing Web-based and conventional Trojans, and use evasion methods to create covert Trojans, and then they sell the malware and evasion service," the paper says. "Website Masters/Crackers betray their customers or crack unsafe websites, and sell the visitor traffic of their own or harvested web sites. Envelope Stealers construct a Web-based Trojan network by hosting the bought Web-based and conventional Trojans on compromised computers, and redirect the web site visitors to their Web-based Trojans. When the Web-based Trojan network is ready, the victims who visit the malicious web sites will be redirected to and exploited by the Web-based Trojans, and infected with further conventional Trojans. These Trojans then steal envelopes and virtual assets from the victim's machine."

PDF Link

(via Ars Technica)