Coding Range

Let’s draw a thought picture: Start by observing that Windows doesn’t sell anywhere near as many licenses in China as PCs in China.

— Mark Newton (@NewtonMark) March 11, 2013

So go out on a limb and say that “most” PCs in China are running a pirated OS. So they’ll lack access to patches, among other things.

— Mark Newton (@NewtonMark) March 11, 2013

So they’ll be more susceptible to infection from malware.

— Mark Newton (@NewtonMark) March 11, 2013

Then look at how botnets operate: Essentially randomly distribute malware attack packages, hoping some stick.

— Mark Newton (@NewtonMark) March 11, 2013

Due to unavailability of patches, a higher proportion of attempts will “stick” in China.

— Mark Newton (@NewtonMark) March 11, 2013

So your randomly-selected botnet will have a disproportionate representation of Chinese IP addresses.

— Mark Newton (@NewtonMark) March 11, 2013

Now aim your botnet at some target. Corporate, Govt, doesn’t matter. A disproportionate amount of attack traffic will come from China.

— Mark Newton (@NewtonMark) March 11, 2013

Hey Presto! You’re now indistinguishable from a CHINESE GOVERNMENT SPONSORED FUNDED CYBERWAR DERP OUTFIT. Congratulations. Win a prize.

— Mark Newton (@NewtonMark) March 11, 2013