More than half of the malware coming out of China aims to steal passwords from unsuspecting computer users, a security research company said Tuesday.
And nearly half of that malicious code originating from China -- 45% -- targeted online gaming login information during October, U.K.-based Sophos said.
"Given the ever growing popularity of online gaming here in the U.S., these are worrying numbers. The hackers' technology is growing more sophisticated and more targeted every day," said Ron O'Brien, senior security analyst in Sophos' Burlington, Mass. office. "Criminals can wreak havoc by stealing money or someone's identity, all because a person wanted to play a game."
A substantial fraction of the remaining password-stealing malware was designed to hijack usernames and passwords from a Chinese-language instant messaging client, "QQ." Although gaining access to a user's IM client "may not seem like the end of the world," said O'Brien, the danger is that the stolen password may be one used for multiple purposes, including accessing a user's bank account or other protected data.
China is frequently pegged as a major source of malware attacks, phishing attempts, and spam. The country has held the number two spot in the list of the world's worst spamming nations for some time; in the third quarter of 2006, it accounted for 13% of the world's spam, for example.