Chatting online with instant messaging programs is more popular than ever, but the problem of viruses and hackers seems to be growing as well.
"I had no idea that criminals had hacked my QQ Messenger account and spied on my chats with my mother," Joyce, a Chinese student in Canada, told the Global Times Saturday.
Joyce, who only gave her English name, has been studying in Canada for four years. Chatting on QQ Messenger, an instant messaging service provided by Tencent Inc, with her mother is a routine part of Joyce's life. But since early September, it has turned into a nightmare.
At the end of August, Joyce was busy changing apartments and seeing friends. "So I sent a message online to my mom, saying I wouldn't chat for several days. The message, however, was intercepted and made use of by criminals, who disguised online as me and cheated my mom out of over 100,000 yuan ($15,780)."
The hackers pretended to be Joyce, and said "she" was in urgent need of money to pay back a loan. Seeing the message, her mother transferred the funds.
Pitfalls in disguise
QQ Messenger has a dominant share of the domestic PC-based instant messaging market, with some 783 million active accounts in China, according to the financial report for the first half of 2012 released by Tencent on August 15.
Technically speaking, hacking a QQ Messenger account is not difficult, an IT technician from Beijing who said he used to hack QQ Messenger accounts for fun, told the Global Times.
"Hacking QQ Messenger accounts does not require advanced skills. Video tutorials are available easily online. Some Internet café employees also install Trojan viruses on the café's computers to steal the accounts of the users," said the technician, who wished to remain anonymous.
Trojan and phishing viruses are two common methods for stealing confidential data such as messenger account details, a network security engineer surnamed Wang from Hangzhou told the Global Times.
Trojans are often hidden in pornographic websites or those for downloading software or e-books. Once users log onto these websites and press certain keys, the malware is installed on their computers.
"Unlike computer viruses that inject themselves into other files and merely disrupt the functions of a computer, Trojans can steal information by allowing the hacker unauthorized access to a computer," Wang said.
Phishing websites look like authentic websites, and are highly deceptive for Web users. But without carefully studying domain names of these phishing websites, Web users tend to fall into the trap, he said.
Crime chain
QQ Messenger users used to worry about theft of their virtual assets, such as QQ coins and virtual weapons for online games. But today, their real money is also at risk, Economic Information Daily, a newspaper run by the Xinhua News Agency, reported on September 4.
Tencent revealed in July that theft of QQ Messenger accounts used to be an activity confined to certain individuals, but that it is now more organized and criminal gangs have become involved, the report said.
There is even a chain to the process now. First, somebody writes a Trojan program. Then others are responsible for infecting users' computers with it. The account information is then sold to people who intend to use the accounts to swindle information or money out of the victims.
In March, Chongqing police arrested an 18-member gang that had raked in over 6 million yuan in profit by hacking some 10 million computers in the previous year, according to a report by Chongqing Evening News in May.
The gang ran a shop on taobao.com, selling virtual coins for games and QQ Messenger accounts they had hacked. One of the suspects, a 24-year-old second-year postgraduate at a university in Wuhan, Central China's Hubei Province, earned some 100,000 yuan every month from writing Trojan programs for the gang, the report said.
One hacker, who was contacted through QQ by the Global Times, said, on condition of anonymity, that the income people can make varies a lot, depending partly on how many accounts they can sell and the types of accounts on offer.
"Five-figure QQ Messenger accounts, the earliest of their type used in China, can sell for 6,000 to 7,000 yuan or even higher. But accounts with nine or 10 figures are very cheap, and some even sell for only a few yuan," he said.
Thorny issue
Families of overseas students in China have become a major target of QQ Messenger account hacking. The reason is simple: The high cost of long-distance calls makes instant messaging a popular alternative. Also, families who can afford overseas education tend to be relatively affluent, experts told the Economic Information Daily.
However, the problem is also rampant domestically. Li Yumin, who lives in Beijing, told the Global Times Friday that she was almost cheated several days ago after the QQ Messenger account of one of her former teachers was hacked. She got a message, apparently from her teacher, saying she needed a loan urgently. Fortunately, she called her teacher to check.
Tencent told the Global Times that it has no statistics for how many QQ Messenger accounts have been hacked, but Beijing Rising Information Technology Co said in July that it has observed a worrying change in the nature of computer viruses.
There appeared to be a smaller number of new viruses being produced during the first half of 2012 compared with 2011, but more of these viruses were targeting personal information, rather than simply stopping computers from functioning, the company said.
Meanwhile, even though many people have suffered losses as a result of hacking, if the amount of money they lose is not large, the police will generally not get involved. And even if the cases are filed, it can be difficult to trace the IP address of the criminals, engineer Wang from Hangzhou told the Global Times.
Some experts have pointed out the urgent need for new measures to protect virtual assets. Existing legislation deals mainly with assets like income, savings and physical property, rather than virtual assets, Shi Guangshun, an associate professor with the College of Information Technical Science of Nankai University in Tianjin, was quoted as saying by Economic Information Daily.
"For users, one way they can protect themselves is to check regularly and remove viruses. They should also be careful when getting attachments or links from strangers, and avoid logging onto unknown websites for downloading software," Tang Wei, a senior Web security engineer with Beijing Rising Information Technology, told the Global Times.