With regard to China, we study both classical malware (worms, viruses, and trojans) and more modern forms, such as blended threats, spyware, and adware. In China, however, it is harder to differentiate between these forms than in the west, since there have been fewer cases of legal action against companies employing malicious techniques. In the west, such legal action has resulted in legitimate companies distancing themselves from the purely criminal malware producers and sticking to relatively minor malicious techniques, such as pop-up ads or tracking a user's web browsing habits. The largest western online companies have avoided even these, for the most part. In comparison, very large Chinese businesses such as Baidu and Alibaba.com will very often install software without user permission; subvert and modify the Windows kernel in order to defend themselves against removal; engage in overt click-fraud (faking clicks on advertisements in order to charge their advertising clients more); track not only browsing habits but also data entered into forms; and forcibly remove competing products without permission. These activities carry relatively little stigma in the Chinese market, where the concept of electronic property is not deeply ingrained. They do not prevent such companies from forging strong business partnerships, both in the east and the west. Recently, legal action against such activities has been initiated but has yet to produce a significant impact.
When one moves away from the large, commercial producers of malware, China sees a disproportionate number of ID theft programs. Password-stealers and keyloggers account for more than 70% of the classical malware we have analyzed in China over the past year, and when compared to western countries China also produces more worms aimed at the theft of intellectual property and sensitive documents. In keeping with a global trend, rootkit technology is becoming more prevalent. China is of particular interest, however, because its corporate entities are often producing more effective rootkits than the purely criminal producers of malware. In both the criminal and corporate cases, profit drives the creation of nearly all the malware we are seeing. Classical malware still drastically outnumbers the more modern forms in China, with upwards of 200,000 variants introduced in the past year, according to rising.com.cn, an antivirus vendor within China.
Government actions that impact the privacy or productivity of users in China have thus far remained beyond our scope, both because they are taken by the government and because they are implemented at the network level. We primarily concern ourselves with government actions that would impact the private creators of malware and provide us with hints as to future trends, such as court decisions and new laws concerning the creation of viruses or the theft of personal data. Most legislation regarding the use of the internet, however, appears to be targeted at preventing speech deemed subversive or inappropriate, and therefore has minimal impact on the behaviors we are monitoring. Most classical malware is nonetheless illegal, and just this week Chinese authorities arrested six individuals connected with the creation of the password-stealing malware Win32/Emerleox, also known as WhBoy.
On the whole, China remains an area of rapid transition, with major players emerging and fading away quickly. So long as government regulations are met, there is a remarkable amount of freedom for corporations to utilize malicious technologies. This, combined with a strong drive to outshine the west in all things, has produced an atmosphere of acute competition between malware authors, which we have observed driving several areas of innovation in malware.