W32/HLLP.Philis variants spike in China
Monday November 6, 2006 at 3:44 pm CST
Posted by Allysa Myers
Within the last month we’ve seen a spike of new W32/HLLP.Philis variants being posted primarily on Chinese sites. This goes to further underscore the point in our last blog about the importance placed in the malware authoring community of frequent new variants and the recurrence of parasitic infectors.
What makes this particularly notable is that most of these virus-laden postings were from links included in blog and forum posts.
Comment spam is nothing new, malware-related comment spam has specifically been reported for a number of months. This serves as a reminder that malware authors are constantly keeping up with trends in technology. Regardless of whether something is reasonably new, if it’s something that’s popular it’ll be a good “return on investment” for their malicious purposes.
November 9th, 2006 at 11:39 am
[…] Trackback It would seem MySpace is looking at the possibility of expanding to China, while at the same time Chinese websites are experiencing a significant amount of traffic in malware comment-spam. It seems to me, unless MySpace gets significantly more involved in making sure the possibility of the XSS vulnerabilities that were used by previous malware are covered, this could be a recipe for disaster. This is a potentially huge source of revenue for the people at News Corp, but also for adware affiliates and malware distributors. […]
February 14th, 2008 at 10:07 am
[…] The malware “workers” are reportedly paid a commission of 0.5 cents RMB (renminbi, or yuan) per stolen password, and the top performer was believed to have made as much as 7,000 RMB in a month. The stolen passwords in turn were sold to a broker, where the virtual gold or “QQ coins” harvested from the stolen accounts and often used for online gaming, were traded for real money. This has been a very profitable modus operandi for many virtual gold seekers, leading to the increase in game password stealers since 2006. […]