In China, the going rate for a flesh chicken is anywhere from 0.1 to 10 renminbi. (10 renminbi equals 1.34 dollars.) A flesh chicken is what we in the West call a zombie computer -- a compromised machine that does the bidding of someone other than the legitimate owner. In Mandarin, according to a fascinating new report on the world of Chinese malware, the words "chicken" and "machine" sound similar, thus the pun.
In other parts of the world networks of flesh chickens are put to use generating spam for penis enlargement pills or, as another equally riveting new report tells us, pro-Ron Paul propaganda. But in China, the main goal in gaining control of user machines is to capture the passwords and usernames that allow access to online game worlds or the virtual currency employed in China's hugely popular QQ instant messaging network. (Thanks to Boing Boing for the link.)
The black market for stolen virtual items in China is thriving, complete with an elaborate underground ecology in which multiple shady actors combine to perform various roles. Virus writers sell software to Web site owners designed to exploit every brand-new vulnerability that emerges in Web browser applications or other popular Chinese programs used in online activities. Once the Web-based virus infects a user's machine, it is redirected to other Web sites that install custom-made Trojans designed to grab passwords and usernames and then automatically log on to virtual words for the purpose of stealing desirable items.
The ludicrous aspects of this are hard to ignore: one demand driver, say the report's authors, fueling black-market activity earlier this year was a frenzied desire to vote online in the Chinese Super Voice Girl contest (an analog to "American Idol"). A vote cost one QQ virtual coin. During the contest, the going rate on the black market for a QQ coin jumped as Chinese citizens paid real money to buy fake money so they could vote for fake singers aspiring to be real singers. This makes How the World Works very happy.
A more somber question would be to wonder why the Chinese government, which is tireless in ensuring that any peep of politically provocative online discourse is immediately squelched, turns a blind eye to a status quo in which, according to the report, about 1.5 percent of the 145,000 most commonly visited Chinese Web sites attempt to infect visiting computers with malware? Maybe it's because, as the authors note, the illegality of virtual theft is not well established in Chinese law. Who cares if Chinese teenagers are stealing each other's virtual magic swords?
But, of course, there's no limit to what uses botnets can be applied. They can generate denial-of-service attacks that cause economic harm to legitimate enterprises. Or, even worse, wreak havoc on the American political process! On Wednesday, Wired News covered a report released this week by SecureWorks researcher Joe Stewart that provides new details on the three-day spate of automated pro-Ron Paul spam that drenched the Internet in late October.
The facts as presented by Stewart seem pretty straightforward. A botnet operator somewhere in the Ukraine who usually sells his services pushing penis pill, replica watch, or work-from-home spam employed his 3,000-bot-strong network to send a selection of Ron Paul-related messages to a list of 162,211,647 e-mail addresses. Stewart outlines a fairly sophisticated operation, including screen shots of the software front-end employed by the mysterious "nenastnyj."
I will now fruitlessly attempt to fend off the inevitable outraged slew of Ron Paul fanboy outrage headed in my direction by noting that How the World Works has no particular ax to grind with respect to Paul. As the author, 10 years ago, of a book on bots, I would be equally obsessed if presented with evidence that a mysterious Eastern European botnet-for-hire operator had sold his services to someone who wanted to flood the Net with pro-Hillary or pro-Obama spam. (And come on, admit it, the part of the SecureWorks url that reads threat=ronpaul is just plain cool, and must capture at least some of the nervousness other Republican candidates feel as they witness his fundraising success.) The significance of the Ron Paul botnet has nothing to do with alleged media conspiracies against the man -- it is inherently interesting as a signal of what is to come. Botnets can and will be used for reasons beyond the mundane pharmaceutical or make-money-fast spam. In China, flesh chicken zombie computers are employed to amass virtual currency and other items. And in the Ukraine, at least once so far, they've been employed for political purposes.
What's next?
Shares