Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Security / Spyware Threats

Spyware Threats

Road Paved for the Great Botnet of China

Mandatory Chinese content-filtering software poses serious security risks

By Lucian Constantin, Web News Editor

13th of June 2009, 09:37 GMT

Adjust text size:


China's new censorware suffers from critical vulnerabilities
Enlarge picture
One of the security industry's worst nightmares, a gigantic botnet of Chinese origin, might become a reality if the government in Beijing goes ahead with its plan to deploy the Green Dam Youth Escort censorship software on all new PCs sold in the country, starting next month. Security researchers warn that the content-filtering application suffers from critical design flaws, which can allow attackers to take control of computers.

The Green Dam Youth Escort is part of the Chinese government's efforts to control what its citizens can access over the Internet, and serves as an extension to the already functioning nation-wide firewall, informally referred to as the Great Firewall of China. The application is able to filter adult explicit material or politically sensitive content by blocking URLs and images specified in several blacklists. It can also be used to monitor text in other programs installed on the computer.

"After only one day of testing the Green Dam software, we found two major security vulnerabilities. The first is an error in the way the software processes web sites it monitors. The second is a bug in the way the software installs blacklist updates. Both allow remote parties to execute arbitrary code and take control of the computer," announce computer experts from the University of Michigan.

Furthermore, resolving these two issues would be of little effect to the overall security of the application. Large portions of the code are unsafe by design, since the developers made extensive use of deprecated C string processing functions such as sprintf and fscanf. "While the flaws we discovered can be quickly patched, correcting all the problems in the Green Dam software will likely require extensive rewriting and thorough testing," the researchers warn.

China is already a big source of attack traffic and because of the cultural barrier attempts to shutdown abusive servers hosted in the country have most of the time proven futile. Under such conditions, the prospect of a huge Chinese botnet is frightening, as the threat would be very hard to contain or mitigate.

TAGS:

 Green Dam | content filtering | China botnet | censorship software | security vulnerability
Read by 1,296 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
NOT RATED 0 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


DDoS Attack Leaves Five Chinese Provinces Without Internet

New Chinese Worm Allegedly Bypasses System Rollback Software

Twelve Million New IP Addresses Used by Botnets This Year

Chinese Hackers Target Australia's Prime Minister

China Netcom Subject to DNS Cache Poisoning Attack

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive