Jianwei Zhuge, Chengyu Song, Jinpeng Guo, Xinhui Han, and Wei Zou of Beijing University and Thorsten Holz of Mannheim University have written an excellent study of the Chinese underground economy titled Studying Malicious Websites and the Underground Economy on the Chinese Web.

Malicious software (malware) has become much more than a nuisance. Hacking has evolved into a profitable commercial activity in China that focuses on online gaming and digital currencies. The study breaks down the participants and the tools that facilitate the trade. It’s the most comprehensive analysis to date on the subject.

Market participants
The study identifies six basic actors in the underground economy:

- Virus writers: developers who write malware for profit

- Website masters/crackers: website masters will attract victims with freebies and redirect them to malware-infected sites; website crackers hack vulnerable websites and redirect traffic to malware-infected sites

- Envelope stealers: users of malware to steal user IDs and passwords (hence “envelopes”) who then sell the harvested account information

- Virtual asset stealers: purchasers of envelopes that they use to steal virtual assets such as online game assets or virtual cash

- Virtual asset sellers: distributors of virtual assets (not necessarily stolen) via online shops

- Players: purchasers of virtual assets

Marketplaces
Virus writers, website crackers, envelope stealers, and virtual asset stealers meet and interact through online forums and bulletin boards.

Sales of tools and user data are made at online shops on such platforms as Taobao, PaiPai, and Ebay.

Prices
Some pricing examples cited in the study:

- Malware: “tens to thousands of renminbi”, some trojans can cost tens of thousands of renminbi

- Redirected traffic: “40-60RMB per ten thousand IP visits”

- Envelopes (user ID & password): “some jiao (1 jiao is one tenth of 1 renminbi) to tens of RMB”

- “Flesh chicken” (Chinese slang for a compromised PC): same as envelopes

- Virtual assets: 10 to 10,000RMB

- QQ coins (QQ coins are Tencent’s virtual currency) by asset stealers: 0.2-0.3RMB per coin (the “official” rate is 1 QQ coin=1RMB)

- QQ coins by asset sellers: 0.5-0.8RMB per coin

Highly recommended.

ShareThis