Web security firm Finjan claims to have uncovered groups distributing content using obfuscated code and a network of websites to bypass traditional security, including one site belonging to a Chinese government office.
Finjan's Malicious Code Research Center said that it discovered a centralised group of activity based in China after investigating a sophisticated attack that used zero-day exploits and other new hacking techniques.
The company's researchers found that some parts of the network led to Trojan sites that exploit browser vulnerabilities and install malware on the user's desktop.
"Once the user's PC has been infected the Trojan starts to send data to other websites in the network which are hard to detect," the report said.
"Additional sites in the network monitor and control the attack using statistics about how many users visit the site and how many got infected."
The Trojans also collect data from the user, including which operating system is used, the applications that are running, personal information such as user names and passwords, and the security products installed.
Finjan explained that the collected information is then fed into other sites which refine the attack.
The news comes as MI5 warned 300 UK chief executives and security experts of an increased risk from Chinese hackers.
A previous attack on UK government servers was blamed on hackers in China, while other governments have also named the country.
These include an attack on the Pentagon in September, one in France in the same month and daily internet attacks in Germany in October.
"This development is disturbing for governments, enterprises and individuals alike," said Yuval Ben-Itzhak, chief technology officer at Finjan.
"Signature-based technologies like antivirus and URL filtering are limited against this type of attack, as the number of vectors and sophisticated structure of the network of websites can bypass traditional information security technology."
Full details of the Finjan study will be revealed later this month.
China accused of Trojan onslaught
By Matt Chapman on Dec 5, 2007 10:31AM