Chinese Government Website Hacked to Spread Malware

Mike Geide, Senior Security Researcher at Zscaler, has found that a Chinese government website has been recently infected. The infection is found similar to the one during an Internet assault, which reportedly drove Google to say that it'd stop operating on the Chinese Internet, as reported by USA TODAY on January 26, 2010.

Geide became aware of the infection hitting 'latax.gov.cn' when he visited a forum that posted a report stating that users accessing the website could become infected with malware.

The researcher also states that anyone following the government website containing tax payment related information will face the risk of receiving infection. A malware infiltrate into the visitor's system through a newly found vulnerability in the Microsoft Web-browser - Internet Explorer. A backdoor component on the target computer will be created that will help the attacker to plant a program for activating the computer's webcam and capturing sensitive data without leaving a clue, Geide explains.

The original malware threat existed in the indexing page of the website. For executing the attack, a popular crime-ware kit of do-it-yourself type called 'Hupigon' was used.

The security researchers state that upon installation, 'Hupigon' can present different utilities to the attackers. A rootkit feature in Hupigon makes its detection especially difficult.

Moreover, Hupigon's menu-driven controls come in Chinese language and the place for the kit's trading is also the Chinese language forums. These apparently suggest that it is the Chinese individuals themselves who were responsible for infecting www.latax.gov.cn.

Geide also wrote in a blog posting that it was just one instance where zero-day vulnerability in IE affected gov.cn websites; he had observed other similar reports as well, as reported by Zscaler on January 25, 2010.

According to the researcher, the question that arises is whether these attacks are designed to potentially monitor 'citizens' activities, or whether hackers have infiltrated the gov.cn sites. Whatever the case may be, users are recommended that they do safe browsing, while those using IE 6 should upgrade or switch to another browser, he added.

Related article: Chinese Hackers Threatening Korean Game Sites

» SPAMfighter News - 2/2/2010