Anti-Virus Activities in China

The Policy of Information Security
and Anti-Virus Activities in China
Zhang Jian
National Computer Virus Emergency Response Center
Anti-Virus Products Testing and Certification Center
86-22-66211487
Http://www.antivirus-China.org.cn
Zj@antivirus-China.org.cn
Agenda
- The policy of information security in China
- Antivirus laws in China
- Responsibility of National Computer Virus Emergency Response Center (CVERC)
- Process of CVERC
- Introduction of China computer virus survey
- The actual state and trend of CVERC
- Punishment of crimes of writing or distributing computer viruses
- Problems faced by us now
Policy and regulator
- In June 2003, the State Information Leadership Group reviewed and passed “the comments regarding the strengthening of information security safeguard works” in the group’s third meeting
- The National Network and Information Security Coordination Team is responsible for the comprehensive coordination of national information security safeguard work
Strategic Guidelines of National Information Security Safeguard
- Proactive Defense
- Comprehensive Precaution
Proactive defense
- Solve information security problems with the thinking of development, security amid development, and development based on security
- Implement the information security safeguard, on the basis of grading, classification and phase-in
- Strengthen early warning and emergency response, on the basis of secure defense
- Strengthen investigation and crack-down on illegal crimes
- Realize secure control of network and information system with necessary capabilities and means
Comprehensive Precaution
- The information security comprehensive precaution system is composed of protection, detection, response and early warning
- Various technologies and management measures are adopted in the areas of prevention, detection, emergency response and crack-down on crimes, and in the aspects of law, management, operation, technology, talent, etc.
- Improve the overall capability of defending information security through the joint efforts of the whole society
Antivirus laws in China
- Promulgation of “Computer Information System Security Protection Ordinance of People’s Republic of China” in 1994
- Promulgation of new “Criminal Law of People’s Republic of China” in 1997
- Promulgation of “Rules of Computer Virus Protection and Disinfections Management” by PSM of PRC in 2000
Definition of Computer Virus in China
A set of codes programmed or inserted into computer programs, which is able to self-duplicate, harm the computer function, destroy data and affect the proper use of the computer
- Article 28, “Computer Information System Security Protection Ordinance of PRC”
“Deliberately program and distribute malicious codes like computer virus etc., with the result of affecting the proper running of computer system, leads to destructive consequence” will be punished.
- “Criminal Law of People’s Republic of China”
- Promulgated according to “Computer Information System Security Protection Ordinance”
- No entity or individual is allowed to publish false computer virus prevalence information
- Anti-virus products testing and certification institutions should conduct timely analysis and confirmation of the submitted virus samples and report the result to the Public Network Information Security Supervision Bureau
- Provide education and training to the computer information system operating personnel of each entity
- Use those computer virus protection products which have obtained the computer information security system product sales license
- “Rules of Computer Virus Protection and Disinfections Management”
Antivirus organization in China
- National Information Work Leading Committee is in charge of information security work in China
- Public Security Ministry and its branches are in charge of antivirus cases in China
- CNCERT/CC is responsible for the coordination of activities among all Computer Emergency Response Teams within China concerning incidents in national public telecommunications infrastructure networks like the Internet.
- National Computer Virus Emergency Response Center, which belongs to CNCERT, is in charge of virus emergency response work in China
- Anti-Virus Products Testing and Certification Center is in charge of the certification work of anti-virus products
Responsibility of National Computer Virus Emergency Response
- Set up the national computer virus monitoring network in China
- Detect and deal with computer virus events, and submit the virus infection report to CNCERT and the department in charge of antivirus
- Provide solutions to computer viruses for users in China, and instruct users to establish and implement antivirus countermeasures
- Provide technical support to related departments for implementing the policies of treating computer viruses in China
- Provide rescue services for computer users attacked by computer viruses in China
- According to the terms of law, coordinate with the Public Security Department to punish criminal activities using computer viruses
- Implement technical collaboration and information exchange mechanisms with local and international antivirus research organizations
- Train antivirus technical and management practitioners in China
- Conduct the computer virus prevalence situation survey
- Announce computer virus predictions
How to deal with a new virus found by CVERC in China
- Virus Emergency Response Center will forward the virus sample to all anti-virus companies when detecting new viruses;
- Anti-virus companies should provide an analysis report and virus samples after finding new viruses;
- Virus Emergency Response Center will provide the analysis report to CNCERT and, according to the risk level, suggest whether or not to issue a virus outbreak announcement;
- Monitor the new virus; if information about the virus writer is found, inform the police;
- Each anti-virus company upgrades its software.
Introduction of China computer virus survey
- From 2001 to 2004, held the nationwide prevalence situation survey in China four times
- Held an antivirus conference two times; antivirus experts from USA, Japan, Korea, UK, Spain, Russia, Singapore, the Philippines and Hong Kong attended the conference for technical exchange.
Computer Virus Infection Rate
[Chart: infection rate by year, 2001 to 2004; data labels shown: 83.98%, 85.57%, 87.93%, 73%]
Frequency of Computer Virus Infection
[Chart: share of users by year, 2001 to 2004; series: 1 time, 2 times, over 3 times]
Virus Infection Rate in Different Period
[Chart: infection rate by month, May to Apr.; series: 2001-2002, 2002-2003, 2003-2004]
Virus damage rate
[Chart: damage rate by year, 2001 to 2004; data labels shown: 64.05%, 63.57%, 49.38%, 43%]
Main channels of virus dissemination
[Chart: share by channel for 2001, 2002, 2003 and 2004; channels: download or browse, E-mail, local network, CD-ROM or floppy disk]
The top 10 viruses in China

No. | (2001,5)    | (2002,5)      | (2003,5)                | (2004,5)
1   | CIH         | Exploit       | Redlof                  | Netsky
2   | Funlove     | Nimda         | Spage                   | Redlof
3   | Binghe      | Binghe        | Nimda                   | Homepage
4   | W97M.marker | JS.Seeker     | Trojan.QQKiller6.8.ser  | Unknown mail
5   | MTX         | Happytime     | Klez                    | Lovegate
6   | Troj.erase  | Funlove       | Funlove                 | Funlove
7   | BO          | Klez          | JS.AppletAcx            | htadropper
8   | YAI         | CIH           | Mail.virus              | Webimport
9   | wyx         | Gop           | Script.exploit.htm.page | activeXComponent
10  | Troj.gdoor  | Troj.netthief | Hack.crack.foxmail      | wyx
The actual state and trend of CVERC
- Set up computer virus monitor network
  – Local and international antivirus vendors become members of the computer virus emergency response team.
  – Computer users actively submit computer virus prevalence information.
- Detect and solve computer virus incidents
  – More than 3400 rescue emails and 3000 rescue phone calls processed in 2004
  – For the 22 most urgent virus outbreaks, such as “Mydoom”, “Netsky” and “Sasser”, collaborated with the computer virus emergency response team to provide virus analysis, monitoring and solutions to computer users in China.
- Build up special emergency response teams for important events and holiday periods
  – Organize local and international antivirus vendors to set up the “Computer virus emergency response team for both the NPC and CPPCC sessions”
  – Monitor computer virus activities while national conferences are held, to ensure computer security.
The actual state and trend of CVERC (Continued)
- Announce computer virus precautions
  – Released 50 issues of the computer virus monitoring weekly newspaper in 2004
  – Released 52 computer virus forecasts in 2004
- Establish antivirus publicity area
  – Collaborate with CCTV for computer virus forecast program
  – Collaborate with Xinhuanet for computer virus forecast
  – Hold webcast program with Xinhuanet
[Image: Computer virus forecast on Xinhuanet]
[Image: Webcast of Xinhuanet]
[Image: The Headline News of Xinhuanet]
Enhance technical exchange
[Image: CEO of Microsoft Greater China Area]
[Image: Technical exchange with TrendMicro]
In recognition of its contribution to the development of AVAR in 2003, the National Computer Virus Emergency Response Center was awarded best membership of AVAR 2003.
[Image: Best membership of AVAR 2003]
Cooperate with Trend Micro Incorporated and set up TrendLab China for tracing international computer virus development trends.
[Image: Trend Lab China]
- Detect virus PE_MINCER.A
- Detect virus “Hedong”
- Detect virus “WORM_MYBA.A”
- Discover and detect “WORM_MUMU.A”
The problems facing us now
- New users continuously increase while lacking appropriate security knowledge and techniques
- Lack of a fully effective computer virus protection and disinfection training course
- Young people lack legal knowledge regarding computer security
- Lack of a national-level computer monitoring and precaution system
Our Goal
- Effective punishment
- Ensuring recovery
- Rapid reaction
- Timely detection
- Active prevention
Thanks
National Computer Virus Emergency Response Center
Anti-Virus Products Testing and Certification Center
Http://www.antivirus-China.org.cn
Zj@antivirus-China.org.cn