By Tom Espiner
Monday, June 15 2009 09:42 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62055020,00.htm
Experts have warned of serious security flaws in the Chinese government's censorship software, which could open the door to hackers creating huge botnets.
Programming errors in the Green Dam Youth Escort software, which the Chinese
Ministry of Industry and Information Technology said on Tuesday must be
pre-installed on all new computers in the country, are at the root of the
flaws, according to experts from the University of Michigan.
"Once Green Dam is installed, any Web site the user visits can exploit these
problems to take control of the computer," wrote the university's researchers.
"This could allow malicious sites to steal private data, send spam or enlist
the computer in a botnet."
The warning came in a paper published on Thursday by researchers Scott
Wolchok, Randy Yao and J Alex Halderman.
The Green Dam software filters content by blocking URLs and Web site images
and by monitoring text in other applications. The filtering blacklists include
both political and adult content.
The researchers said that after only one day of testing Green Dam, they
discovered programming errors in the code used to process Web site requests.
These would result in buffer over-run conditions on all computers running the
software, they said.
"The code processes URLs with a fixed-length buffer, and a specially crafted
URL can overrun this buffer and corrupt the execution stack," said the
researchers.
"Any Web site the user visits can redirect the browser to a page
with a malicious URL and take control of the computer."
The researchers built a proof-of-concept program to demonstrate the flaw and
said it would crash any computer running Green Dam.
In addition, Green Dam can be used to install any other program on a
computer, via a blacklist vulnerability. This problem would allow Green Dam's
makers, or a third party impersonating them, to execute arbitrary code and
install malicious software on the user's computer after a filter update is
installed.
Chinese government news agency Xinhua reported that Jinhui Computer System
Engineering, which developed Green Dam, had said the software was not spyware.
"Our software is simply not capable of spying on internet users, it is only a
filter," Jinhui is quoted as saying.
The Xinhua article did not address whether the filter itself could be used to
upload spyware.
The University of Michigan researchers recommended that anybody running Green
Dam uninstall the software immediately.
However, according to a translation of feedback on Jinhui's user forum,
teachers and educational establishments have no choice but to use the software.
"Let me say something here," wrote one teacher. "We were forced to install
the software. So I have to come to this Web site and curse. After we installed
the software, many normal Web sites are banned."