Cyberspace is becoming a new battleground for the United States and China, amid growing concerns about Chinese industrial espionage through various types of computer worms, security experts say. At least one "Trojan horse" program used to steal files from infected computers has been traced to servers in China, providing further evidence that US companies may be targets, say analysts.
Security firms have long been concerned about various types of malicious software used to steal files or passwords. But some newer programs seem designed as a more sophisticated and targeted effort.
Joe Stewart, a researcher with the US security firm Lurhq, said that by reverse-engineering a recent PC worm known as Myfip, he found a clear connection to China.
"All the e-mails we've traced back with this particular attachment came from a single address in China," Stewart told AFP, adding that it was "highly likely" that the program was used for espionage against US high-tech and manufacturing firms.
Stewart said the program appeared to have been originally developed as a way to steal student exam papers and then expanded so that it can now copy many types of documents, including computer-assisted drawings and Microsoft Word files.
Forbes magazine, which first reported the Chinese origin of Myfip, said the worm had been propagating by spam e-mails that activate the program when recipients click on attachments. Forbes said about a dozen versions of Myfip may have been in circulation and used to steal sensitive documents including mechanical designs and circuit board layouts.
Analysts point out that tracking attacks or malicious software can be tricky because the origins can be disguised.
But Marcus Sachs of SRI International, who also directs the industry-academic SANS Internet Storm Center that monitors cyberattacks, said the evidence against China is solid.
"I believe firmly that the Chinese are using tools like Myfip to conduct industrial espionage on the US and other industrial countries that have mature data networks," he told AFP.
Sachs said the latest types of malicious software, or "malware," represent a new strategy by creators of the programs.
"Most of the credit card theft, money laundering and fraud is coming from Russia or former Soviet Union countries," Sachs said.
"The Chinese seem to be a bit more clever in covering their tracks and are more likely conducting covert raids for corporate secrets, rather than chasing money like their Russian organised crime counterparts."
Comments
Comments are closed.