X

The botnet threat in China's censorship software

Programming errors in the Beijing-mandated Green Dam filtering software could let bad guys take control of PCs using it.

Tom Espiner Special to CNET News
2 min read

Experts have warned of serious security flaws in the Chinese government's censorship software, which could open the door to hackers creating huge botnets.

Programming errors in the Green Dam Youth Escort software, which the Chinese Ministry of Industry and Information Technology said Tuesday must be preinstalled on all new computers in the country, are at the root of the flaws, according to experts from the University of Michigan.

Green Dam warning notice
This message pops up on PCs when the Green Dam software spots banned phrases. University of Michigan

"Once Green Dam is installed, any website the user visits can exploit these problems to take control of the computer," wrote the university's researchers. "This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet." The warning came in a paper published Thursday by researchers Scott Wolchok, Randy Yao, and J. Alex Halderman.

The Green Dam software filters content by blocking URLs and Web site images and by monitoring text in other applications. The filtering blacklists include both political and adult content.

The researchers said that after only one day of testing Green Dam, they discovered programming errors in the code used to process Web site requests. These would result in buffer overrun conditions on all computers running the software, they said.

"The code processes URLs with a fixed-length buffer, and a specially crafted URL can overrun this buffer and corrupt the execution stack," said the researchers. "Any website the user visits can redirect the browser to a page with a malicious URL and take control of the computer."

The researchers built a proof-of-concept program to demonstrate the flaw and said it would crash any computer running Green Dam.

In addition, Green Dam can be used to install any other program on a computer, via a blacklist vulnerability. This problem would allow Green Dam's makers, or a third-party impersonating them, to execute arbitrary code and install malicious software on the user's computer, after installing a filter update.

Chinese government news agency Xinhua reported that Jinhui Computer System Engineering, which developed Green Dam, had said the software was not spyware. "Our software is simply not capable of spying on Internet users, it is only a filter," Jinhui is quoted as saying.

The Xinhua article did not address whether the filter itself could be used to upload spyware.

The University of Michigan researchers recommended that anybody running Green Dam uninstall the software immediately. However, according to a translation of feedback on Jinhui's user forum, teachers and educational establishments have no choice but to use the software.

"Let me say something here," wrote one teacher. "We were forced to install the software. So I have to come to this website and curse. After we installed the software, many normal websites are banned."

Currently, Green Dam is only optimized for Microsoft's Internet Explorer browser, according to leaked technical specifications posted on the Wikileaks website.

Tom Espiner of ZDNet UK reported from London.