China’s Cybercrime Marketplace Boomed in 2013: Trend Micro

2013 was a good year for cybercriminals in China, according to a new report from Trend Micro.

By all indications in the report, China’s cybercrime market was bustling in 2013. Between March 2012 and December 2013, Trend Micro monitored nearly 500 chat groups communicating via the QQ instant messaging service.

By the end of 2013, the firm had obtained 1.4 million publicly available messages from the groups it was monitoring. According to the report, the number of messages in the groups doubled in the last 10 months of 2013 compared to the same period in 2012 – a sign of serious growth in cybercrime activity.

“Based on the ID of the senders, we also believe that the number of participants has also doubled in the same period,” blogged Lion Gu, a senior threat researcher at Trend Micro.

QQ, which is developed by Tencent, is a popular way for buyers and sellers in the underground to talk. Often, the groups peddling crimeware use certain jargon to help new visitors find what they are looking for, according to the report. 

“The ads for underground products and services are always shorter than those found in dedicated underground forums or websites,” the report notes. “Unlike the latter, however, the ads on QQ are more frequently updated. By determining popular words used for underground products and services, one can identify which QQ Groups would be useful to monitor then review the activities of those with the biggest number of users.”

The most sought-after products and services in the Chinese underground market are compromised hosts, DDoS attack services and remote access tools. Botnets went for a variety of prices. A botnet with 100 Windows XP bots, for example, cost $8; one with 100 Windows Server 2003/2008 bots cost $48.

Two of the most popular DDoS attack services offered are SYN flooding and HTTP GET flooding.

“Cybercriminals who want to launch DDoS attacks can purchase DDoS kits from the Chinese underground,” according to the report. “DDoS kits refer to tools that allow a remote user to control several systems to send a large amount of network packets to a target site. Apart from SYN and HTTP GET flooding use, DDoS kits can also be used for Internet Control Message Protocol (ICMP), User Datagram Protocol (UDP), ACK, and other kinds of flooding attacks. Compromised systems—either compromised hosts or dedicated servers—that would send the packets to targets are also available underground.”

These kits go for a variety of prices, ranging from $81 for a one-month rental to $323 for a year.

In addition, the country has an emerging mobile underground economy featuring SMS spamming services, SMS servers and premium service numbers.

“Cybercriminals are also going where the users are,” blogged Gu. “Many of the malicious goods being sold in the underground economy are targeted at mobile users, as opposed to PC users. A mobile underground economy is emerging in China (something we noted earlier this year), and this part of the underground economy appears to be more attractive and lucrative than other portions.”

“In sum, the Chinese underground market players are keeping pace with the developments in the security landscape,” the report states. “They no longer just peddle malicious wares to attack PC users but also to attack the rapidly growing mobile device market. This should serve as another reminder to all [computers] or any Internet-connected device to always be security-aware to live a threat-free digital life.”

The report can be read here.
