Sophistication has not been seen so far in their design

Oct 6, 2011 06:43 GMT

Even though a large number of malicious tools originate from the country with the most inhabitants on the planet, security researchers present at the Virus Bulletin conference in Barcelona believe that most of them are unsophisticated and full of bugs.

According to Threatpost, unlike the bots fabricated in Russia or the USA, the ones originating from China are unable to perform stealthy denial of service attacks. They seem to be really noisy and their biggest difficulty is staying hidden.

Malware that launches slow HTTP DDoS attacks is the kind most successfully deployed by cybercriminals. Instead of sending a large number of requests to a target, this type of attack breaks up TCP requests into smaller parts, and because the procedure takes longer to complete, the whole thing is harder to detect.

Jeff Edwards, a security analyst at Arbor Networks, revealed at the conference that "A lot of it has the feel that it was chopped up and hacked together. There's a lot of sloppiness everywhere with blatant flaws."

Arbor Networks researchers discovered that Chinese bots most often target smaller websites and, for some reason, many of them are specially designed to attack only certain site categories, such as the ones belonging to food processing equipment manufacturers.

"There's virtually no rootkit behavior and no real attempts at hiding," Edwards revealed. "There are a ton of these families cropping up all the time, at least one a week. There's a ton of code sharing across families and there's little or no stealthiness."

Hacking operations originating from China have been a topic of discussion on many occasions within US Congress meetings. Even though so far they're easy to predict and to combat, it can be expected that they'll evolve in the upcoming period.

Sophistication "hasn't shown up in the Chinese DDoS space for some reason," but it might just be a matter of time until they reach the next level, as we've already seen capable hackers at work coming from that part of the world.