
Finjan analyses Chinese Web attacks

After a summer that has seen government computer systems in the UK, US and Germany allegedly attacked by the Chinese military, the good people at Finjan have analysed some of the Web sites involved.

The study, which is still in progress, claims to show how users' PCs are being infected by Trojans distributed from China that then steal data from organisations. It also details some of the sites that are involved in the process.

The research, which was carried out by Finjan's MCRC (Malicious Code Research Centre), found that the Chinese attackers are distributing their content using obfuscated code and a network of Web sites to bypass traditional IT security systems and software.

The IT security firm says its research uncovered a highly sophisticated attack that used zero-day exploits, as well as other new hacking techniques, and discovered a Chinese group at its heart.

Even more worrying is that one of the Web sites in the group was found to belong to a Chinese governmental office.

Finjan's CTO, Yuval Ben-Itzhak, said that this development is worrying on several levels, since signature-based IT security technologies such as AV and Web filtering systems have only limited effect against this type of attack.

"To defend against this type of attack, security technology needs to employ real-time content inspection technology that analyses each and every piece of web content in real-time, regardless of its original source or domain name," he explained.

He's right too. Finjan plans on releasing the full details of its study later this month. In the meantime, you can read more here...