The malicious activity that comes from Chinese servers isknown for a long time. In many cases we are seeing the use of Chinese serversby bots that being spread over the web. Most of these bots are beingpropagated in order to steal identity, information, backdoor etc’.

But there is also other activity, unlike these bots that arebeing operated by hackers there is also a cyber-war.

We know that countries are using hacking techniques in orderto espionage against other countries, security organizations employing hackersin order to penetrate to other countries servers, and from the Google incidentin China we actually know something that was clear to everybody – the bigbrother is watching you.  

The “Foreign Policy” web site (http://www.foreignpolicy.com/)published a very interesting article that reviews the top 10 Chinese cyberattacks (that we know of) against US government sites:

http://thecable.foreignpolicy.com/posts/2010/01/22/the_top_10_chinese_cyber
_attacks_that_we_know_of

 More from MS site: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx

The Google-China relationship has been the subject of many recentarticles and debates in the media. Across the globe, thousands have protestedagainst Google, claiming that the renowned web browser is lending a hand to thetrampling of human rights in China by allowing the Chinese government to filtersearch results.

Last Tuesday Google announced that it was consideringexiting the Chinese market as the result of a sophisticated online attacktargeted at Google systems – especially Gmail – in order to penetrate the accounts of pro-democracy activists in China.

In the beginning, the assumption was that the hackers(reported by some as being funded by the Chinese government), used a zero-dayAdobe Acrobat Reader vulnerability. However, according to McAfee, there is evidencethat they used a new IE zero-day vulnerability instead.
More information about the IE zero-day vulnerability can be found here:
http://www.microsoft.com/technet/security/advisory/979352.mspx

Link to the Adobe blog post referring the attack:
http://blogs.adobe.com/conversations/2010/01/adobe_investigates_corporate_n.html

It will be interesting to see if Google will carry out itsthreat to leave the Chinese market. My bet is that it won’t.

In the meantime, it is important to note that eSafe customers are protected against both exploits – the Adobe Acrobat exploit and the new IE zero-day exploit.

Facebook users are once again under attack. A new variant of Bredolab Trojan is spreading through spam email messages appearing to come from Facebook.

The messages pretend to come from the “The Facebook Team”, while the real SMTP from address is in fact spoofed. However, an attached archive file containing an executable file may infect users with a Trojan horse.

The following is an example of the spammed email messages:

The attachment may come with the following name:

Facebook_Password_3db40.zip
or
Facebook_Password_[5 random characters].zip

This Bredolab Trojan downloads and executes further malware files on the affected machine such as rogue anti-virus software, and in order to bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe.