Behind the glossy surface of the internet, the virus groups that drive the huge "virus" industry chain are coming to light.
Recently, "First Financial Daily" learned exclusively that the case of HYC, the second largest of the domestic "top ten virus groups" that drew industry concern last year, has been basically established by the Hubei police, and the procuratorial organs will in due course prosecute the five criminal suspects in the case.
It is also the largest computer information system security case solved by the public security organs since September 1, 2011, when the interpretation by the Supreme People's Court and the Supreme People's Procuratorate on several issues concerning the application of law in handling criminal cases involving computer information system security formally took effect.
Public data show that the HYC virus group controls about 12.67% of the virus spread on the internet. The group's "navigation department", with only 5 major members, took in illegal proceeds of about 10 million yuan from January 2010 to April 2011.
"We previously speculated that virus groups were loose organizations assembled temporarily through the chain of interests on the internet, but when the HYC group case was solved it was found that the group is an economic entity using formal company operations as a cover," Jinshan Network anti-virus engineer Tiejun told reporters. He said that the virus group industry as a whole makes illegal profits on the scale of hundreds of millions every year, and that it plays a "hand-handed" core role in the virus industry chain.
Clear division of labor
How do virus groups operate and reap high benefits?
Tiejun said that within a "group" there is a strict, specialized division of labor. The core leader is responsible for issuing instructions; hacker programmers write viruses to the stated requirements; engineers then build websites and plant viruses in them, or promote the virus program on well-known sites; and a large "Navy" of posters is sent to promote it in forums, thereby luring netizens, whose information is then obtained through the viruses and Trojan horses.
Take the HYC virus group as an example. The group's main profit chain is: make viruses, spread viruses, lock the homepage, forcibly modify the user's desktop, and then use navigation traffic to cash out.
HYC's core member Hu had previously run a legitimate business at a technology company in Chengdu, and registered two IT companies with other partners to operate web games. Because of poor performance, they used the companies as a cover to set up the navigation department, which ran virus promotion, tampered with users' homepages, forced browsing of the navigation station, and modified users' desktops.
Within the HYC group, one role is to write the viruses and make them evade anti-virus detection; another member's work is to contact download stations and video sites everywhere and coordinate the transmission of the viruses. The group's "camouflaged" virus programs are promoted on well-known game download stations, plug-in sites, novel download stations, network disks, adult video players and the like, with fees charged according to site traffic; some well-known sites charge the HYC virus group a promotion fee of 50,000~10 million each month.
Gong, of HYC, is mainly responsible for operating the navigation station, on which partners place advertising and which the group binds to users' browsers with the virus. Once netizens are infected, their clicks turn into income for the virus group.
Besides using the virus to forcibly bind the navigation station, another method of the HYC virus group is to use the virus to place website shortcuts that cannot be deleted on netizens' computer desktops, such as shortcuts to Taobao Guest, Taobao seconds kill or other online stores. The virus group earns traffic from netizens' clicks and is paid by traffic volume, or takes a proportional share when an order is completed.
Throughout the spread of the virus, it is not only netizens who suffer; some download sites also become unwitting victims. But it cannot be ruled out that some owners of small personal websites act for monetary gain, and their navigation websites or small sites often become a source of the flood of viruses and Trojans.
Authoritative data showed that the number of virus files transmitted by the HYC group was 848, the total number of infections was about 1.2 million, and the single sample with the highest number of infections exceeded 20,000. More than 2,200 link addresses offered the group's viruses for download.
Outsmart
The HYC virus group case is just the tip of the iceberg in the black interest chain of the virus groups.
"The HYC virus group mainly relied on diverting traffic to make money, and did not directly invade other people's websites or steal netizens' property. But with the growing popularity of online shopping in recent years, quite a number of groups directly lead users to phishing shopping sites to steal the property of infected users, or steal the virtual property of online gamers," Tiejun said.
He concluded that the virus groups' models for profiting from spreading viruses fall into seven main categories: tampering with the browser to pop up ads (generally priced at 6~6.5 yuan per thousand IPs); generating shopping site shortcuts on the user's computer desktop (paid by traffic or per completed order); modifying the computer's homepage (1 yuan/IP); installing account-stealing Trojans to steal virtual goods; promoting internet software to earn promotion fees (0.20 yuan/installation or 1~1.5 yuan/activation); modifying browser favorites; and promoting game clients (1.5 yuan~5 yuan for each successfully registered ID).
Based on the above, for each computer successfully infected, the virus promoter can immediately get about 2 yuan in return, and can obtain about 6 yuan of income per thousand IPs of traffic brought in by successful infections. Previous public information said that the top ten "virus groups" controlled 80% of the virus download channels on the internet, and that a major virus group can infect about 200,000 PCs a day. From traffic income alone, a year's profit can reach 120 million~1.5 billion yuan.
And according to reports released earlier by the China Internet Network Information Center, in the first half of 2011 alone, 217 million people were attacked by viruses or Trojan horses, accounting for 44.7% of netizens, and the number of internet users who had their accounts or passwords stolen reached 121 million.
At present, apart from the HYC virus group case and the Old Snake group case, which have been solved, the other major virus group cases are still under investigation.
People familiar with the matter told reporters that it would be difficult to dismantle these groups directly. Take the largest, Huang (one of the top ten virus groups), as an example: they changed more than 500 IP addresses over a year, and their vigilance is high. More crucially, many groups have their servers in foreign countries, which makes tracing very difficult. In particular, when virus group activity became a hot topic in 2011, the top ten virus groups adjusted their virus transmission modes within a very short period, shifting to network fraud, and some disappeared almost overnight.
Fortunately, browser and anti-virus software vendors have now improved their defensive capabilities, spreading viruses is becoming more difficult, and the impact of viruses and Trojans has declined. Instead, phishing sites, which require little technical skill, are simple to produce, and are low in investment and effective, are trending above the virus groups' virus spreading. "It is rumored that phishing site 'talent' has been very popular among virus groups in the last year," people familiar with the matter said.
Relevant data show that in May there were about 163,000 new phishing sites, an increase of 67% over April, and the number of newly intercepted phishing sites was about 5,254. Among them, fake Taobao, air ticket, 5173, refueling card, and phone call phishing were the hardest-hit areas.