China 'using worms to steal trade secrets'

Filed under
Security

Cyberspace is becoming a new battleground for the US and China, amid growing concerns about Chinese industrial espionage through various types of computer worms, security professionals claim.

At least one trojan program used to steal files from infected computers has been traced to servers in China, providing further evidence that US companies may be targets, they say.

Security firms have long been concerned about various types of malicious software used to steal files or passwords. But some newer programs appear to have been designed for a more sophisticated and targeted effort.

Joe Stewart, a researcher with the US security firm Lurhq, said that by reverse-engineering a recent PC worm known as Myfip, he found a clear connection to China.

"All the emails we've traced back with this particular attachment came from a single address in China," Stewart said, adding that it was "highly likely" that the program was used for espionage against US high-tech and manufacturing firms.

Stewart said the program appeared to have been originally developed as a way to steal student exam papers and then expanded so that it could now copy many types of documents, including computer-assisted drawings and Microsoft Word files.

Forbes magazine, which first reported the Chinese origin of Myfip, said the worm had been propagating by spam that activated the program when recipients clicked on attachments. Forbes said about a dozen versions of Myfip may have been in circulation and used to steal sensitive documents including mechanical designs and circuit board layouts.

Analysts point out that tracking attacks or malicious software can be tricky because the origins can be disguised.

But Marcus Sachs of SRI International, who also directs the industry-academic SANS Internet Storm Centre that monitors cyberattacks, said the evidence against China is solid.

"I believe firmly that the Chinese are using tools like Myfip to conduct industrial espionage on the US and other industrial countries that have mature data networks," he said.

Sachs said the latest types of malicious software, or "malware," represent a new strategy by creators of the programs.

"Most of the credit card theft, money laundering and fraud is coming from Russia or former Soviet Union countries," Sachs said.

"The Chinese seem to be a bit more clever in covering their tracks and are more likely conducting covert raids for corporate secrets, rather than chasing money like their Russian organised crime counterparts."

But the techniques may not be limited to industrial espionage. Some analysts say similar malware may be targeting government agencies in a bid to steal other types of secrets.

The online newsletter SecurityFocus claims the wave of cyberattacks that hit Britain last month may have been part of an effort to obtain government documents from British and US agencies.

Britain's National Infrastructure Security Coordination Centre said last month that a series of trojan-laden email attacks were "targeting UK government and companies," in an apparent "covert gathering and transmitting of commercially or economically valuable information."

The June 16 warning did not specifically mention China but said most of the evidence pointed to computers in "the Far East."

AFP
