Chinese hackers set malware to trap Vietnamese Internet users

VietNamNet Bridge – Security experts from FPT and CMCInfosec, the most prestigious technology groups, as well as VNCERT (Vietnam Computing Emergency Rescue Team), have warned against Chinese enhanced activities of setting malware and spyware to trap Vietnamese users.

Chinese hackers, internet users

The experts have noted that amid the tense escalation on the East Sea, Chinese hackers have been trying to install more malware and spyware through commonly used computer files, such as those of type “.doc” and “.pdf”, to harm Vietnamese computers. Files of type .doc are common word processing files, and those of type .pdf are used to display text and graphics.

According to a senior executive of CMC Infosec, the malware has been spread mostly through emails. If users open the files attached to the emails, they risk having spyware automatically, and surreptitiously, installed on their computers. When infected with spyware, computers tend to run more slowly, while the memory and CPU usages increase abnormally. Sometimes users can see their documents having errors or they cannot read them.

CMC Infosec has recommended users not download or open files with “.doc” or “.pdf” sent from unfamiliar email accounts, or only open the files with online applications after uploading them to cloud-based drives, such as GoogleDrive or Microsoft’s SkyDrive. Accounts on both cloud-based drives can be obtained for free.

Users have also been advised to scan files on malware scan websites, such as before opening them, and to apply the latest update patches to their versions of Microsoft Office or other software.

Nguyen Minh Duc, Security Director of FPT, the largest technology group in Vietnam, noted that Chinese hackers have in fact been trying to steal information from Vietnamese organizations and individuals for a long time. The tensions on the East Sea just give a push to Chinese hackers to strengthen their hacking activities.

“The spreading of spyware hidden in ‘.doc’ files has been carried out by Chinese hackers for a long time. And I think that a high number of computers have caught the spyware and many important documents have been stolen,” Duc said.

“You need to protect yourself by installing anti-virus software in your computers. You’d be well-advised not to open links or files sent to you via chat sites or emails, and not to open any suspicious files,” Duc said. “In case you still need to open the files, you should do so with Google Docs”.

VNCERT has given specific recommendations to state agencies that important documents must not be sent via public mailboxes and must be sent only from their agencies’ accounts. Those computers containing important information must be put under special control.

Securitydaily on Tuesday announced that the group of hackers attacking hundreds of Vietnamese websites is the one named 1937cN, which set up a website to encourage Chinese hackers to attack Vietnamese websites.

1937cN, according to, a website that ranks hackers’ groups in China, is the best-known and most powerful in the country,and is known to have carried out over 36,000 attacks. The website also claims that over 32,000 attacks have been targeted at China’s neighbors and the Vietnamese government.

It was 1937cN which conducted the attack onthe DNS of and in August 2013. Securitydaily believes that the group of hackers has carried out many attacks against Vietnamese websites with the suffix “”– that is, websites of the Vietnamese government.

Buu Dien

Chinese hackers, internet users