Follow ITProPortal:

RSS Tweet Digg

Chinese government office involved in malware distribution

Finjan conducted a study prompted by the increased volume of attacks coming from China. 

The study maps how users' PCs are infected by Trojans distributed from China, which then steal data from organizations, and details some of the sites involved in the process.

Finjan's Malicious Code Research Center (MCRC) has detected malicious activity by groups that distribute their content using obfuscated code and a network of websites to bypass traditional information security technology.

Finjan investigated a very sophisticated attack that used zero-day exploits (malware for which there is no security patch) as well as other new hacking techniques, and discovered a centralized group of activity based in China. One of the websites in the group belongs to a Chinese governmental office.

Finjan researchers found that some sites in the network lead to Trojan sites that exploit the user's browser, then download the Trojan and install it on the user's desktop.

Once the user's PC has been infected, the Trojan starts to send data to other websites in the network, which are hard to detect.

Additional sites in the network monitor and control the attack using statistics about how many users visit the site and how many were infected.

The Trojans also collect data from the user, including which operating system is used, which applications are running, personal information such as user names and passwords, and which security systems are installed (AV, spam filtering, firewalls, etc.).




I have been musing and writing about technology since 1999 back in my native country Mauritius, dreaming back in 1997 of a world full of avatars...


Owned & operated by: Net Communities