Chinese Company Shares Huge Malware Database

Use Netsparker


We need more companies like this that acknowledge hoarding data isn’t doing anything for the greater good, to really stamp out the core problems you have to share the data you’ve correlated across the World so everyone can put together what they have and do something about it.

It seems like with China pumping out the most malware this might be a very useful project, they have designed it quite intelligently too meaning it’s useful for many applications.

A Chinese company that has created a massive database of malware found on Chinese Web sites opened up the information to other security organizations on Thursday. Beijing-based KnownSec gathered the viruses and other information with a crawler that scans nearly 2 million Chinese Web sites each day, Zhao Wei, CEO of the security company, said in an interview in Beijing. He planned to give a presentation on the subject at the Forum of Incident Response and Security Teams (FIRST) security conference in Kyoto, Japan this week.

The database covers more Chinese Web sites and provides more up-to-date information about their security than any other, Zhao said in the interview. China produces the majority of the world’s malware, he said. A history for each site in the database lists dates of malware infection, the strings of malicious code placed on the sites and which antivirus products defend viewers against their attacks. The database also stores tens of thousands of viruses found being distributed by the sites.

Apparently according to McAfee with the current rate of malware growth in China, it could be doubling every year.

And phishing is starting to wake up in China, so get ready for more spam and scam e-mails with terrible English

KnownSec each day finds more than 100 Trojan downloader files that have never been seen before, Zhao said. Each of those can direct a victim’s PC to download up to ten viruses. The database also has a list of Web sites that are currently compromised. Only about half of the newly infected sites KnownSec finds each day are also listed by Google as dangerous, said Zhao.

Google labels search results it has found to be potentially dangerous during scans of its index. When asked for comment, a Google spokeswoman said organizations need to work together to identify online threats and stamp them out. Security companies and national computer emergency response teams can request access to the KnownSec database, Zhao said. Security companies could use the information to shield users of their antivirus programs against new malware threats, he said.

The majority of the malware is password stealing trojans, which I’d imagine are targeted at users within China themselves and users of China based banks.

The phishing attacks are targeting these same users, either way be careful. It looks like China is jumping into the malware/phishing/spam arena with both feet so expect a rise in threats.

Source: Network World

Posted in: Malware, Phishing, Spammers & Scammers, Web Hacking

, , , , , , ,


Latest Posts:


testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.


Comments are closed.