Could official Beijing 2008 Olympics screensavers contain malware? (update)


41 Responses to “Could official Beijing 2008 Olympics screensavers contain malware? (update)”

  1. WarLord says:


    Given the recent history of cyber attacks as war by other means commentors a bit too quick with dismissal of possible malware..

    And it really is 1936 all over again, so I guess mark me down as unimpressed by a terror regime painting the prison walls with flowers for the IOC.

  2. Teresa Nielsen Hayden / Moderator says:

    Bryan @5, puh-leeze. This is not in the Mall Ninja’s class. The author of the original article was reacting to real events, and tried to assess the actual threat level. By this time, the Mall Ninja would have sent the Chinese government a formal declaration of war.

    Absent @9, you left out the part about the former head of the Council on Foreign Relations being in bed with the Chinese.

    Jack @11, “alarmist” is arguable, but I don’t see any evidence of racism or xenophobia.

    Warlord @15, what is there about “please don’t use .sig lines” that you find so difficult to understand?

  3. Xeni Jardin says:

    @ #11 Jack, perhaps you — and any others who felt this was alarmist — would have reacted differently if I’d combined this and the immediate post which preceded it in this same topic, all into one post. I’d just blogged about very real in-the-wild (and innovative) uses of malware by do-no-gooders within China.

    There is absolutely a huge boom right now in malware related to the China/Tibet conflict, and also Russia/Georgia. Some may be linked to official sources, but a lot is not.

    These two posts were intended as a sober, non-hysterical evaluation of what some of the most recent examples are, and the questions some folks on the other end are asking when they experience anomalies during a time when greater caution in some situations is totally warranted.

    The headline is a question, it presents a user’s testimonial, and within about 30 minutes, a counter-analysis (which would have been posted at the same time, but I was waiting for permission to publicly identify the researcher).

    I know it’s fun to say “girls don’t know anything about this stuff,” or “you’re being hysterical” but I don’t feel like that would be a fair criticism here.

    A hysterical post from me typically starts with the headline ZOMGZOMG KOMUNIST CHINA IZ EATIN THA BABIES IN OUR LAPTOPS RUN FOR YR LIVES ZOMG!!!!111 DIEEE!!!.

  4. pAULbOWEN says:

    “I’m a Systems Administrator at a large university and I think I may of…

    Dear oh dear.

  5. ODG says:

    “”I’m a Systems Administrator””….
    Followed closely by “”On my Windows XP workstation, I run Symantec Corporate Anti-virus, Zone Alarm Pro,””

    Oh Dear God. For the first time in my life I have been moved to fire up I.E, create a throw away email addy all just to sign up and say –

    “’nuff said”.

    Jeeezus wept, as did I… “”I’m a Systems Administrator”” err… no you ain’t my script kiddie friend.

    Not faulting him for his observations nor for reporing it (err to boing-boing though?) because “a friend said I should”. Err ok, maybe enough ragging on the kid.

    Seriously though – is this the level of “sys admins” that we have been reduced to? Maybe he should have called Mumbai first and gotten asked if “re-booting the router / printer / camera / i-Mac” etc helped.

    End of Rant.

    • Antinous says:

      For the first time in my life I have been moved to fire up I.E, create a throw away email addy all just to sign up

      Well that certainly inclines me to gaze dewy-eyed on your prose. Perhaps you’d care to offer some credentials to go with that bowl of bile. I mean, you’ve gone to all the trouble to create a throw-away e-mail so that you could become an anonymous expert. Why stop there?

  6. Takuan says:

    there is a war on

  7. Jack says:


    I don’t see any evidence of racism or xenophobia

    The xenophobia and possible racism I’m bringing up comes from the inherent fact that if this was not related to China, I do not think you’d be seeing the over-reaction and over-analysis of the supposed incident in question. BoingBoing is a U.S. based blog whose reporters are non-Chinese and mostly caucasian. Perhaps this is being oversensitive, but seriously would this be reported if it was a Flash screen saver for a U.S. baseball team?

    Yes, malware is a plague. And malware should be brought to light, but I think it’s the job of anyone reporting on this to downplay risk until facts can be confirmed. The headline implying malware from the get-go is the real issue. Perhaps something more along the lines of “What’s Up With Beijing 2008 Screen Savers?” would be more appropriate. Pointing to the original blog post that inspired this post as the root of the confusion shuns responsibility. As a aggregator blog that filters through others and rises above the fray, BoingBoing should not fall prey to petty alarmism.

    • Antinous says:

      BoingBoing should not fall prey to petty alarmism.

      I’ve always felt that it pays to call the Fire Department when you smell smoke rather than wait until you see flames. It’s a truth universally acknowledged that the Olympics are early Christmas for purveyors of malware. How many people log onto that site? How many of them assume that it couldn’t possible be anything but perfectly maintained? How many of them thought that that little girl was actually singing at the opening ceremonies?

      So it’s probably a false alarm. Better that than a million infected computers.

  8. minTphresh says:

    for your soul!!!

  9. rasz says:

    “I run Symantec Corporate Anti-virus, Zone Alarm Pro, as well as Spybot manually”

    sadly I know this kind, those people will scream IMA BEING HAXORED when zone alarm detects a ping from outside world. Just ignore this article :(.

  10. Takuan says:

    you have no ground under your feet Jack, China warrants suspicion at this time for good and obvious reason.

  11. Takuan says:

    disinformation works on many levels.

  12. peanut says:

    Here is another website which download visitors to its site using flash based animation:

  13. corpse 1 says:

    He’s a systems administrator? Wow. Was he the only one who applied?

  14. The Life Of Bryan says:

    Reads like it was written by the Mall Ninja.

  15. Jeff says:

    Jack, don’t you know the first rule of journalism: Bad = News, Good = Snooze. It’s better to grab people with a maybe-true headline that will drawn you in. And often people respond with more interest when the headline has some Bad in it. “Mal-ware” is a perfect example.

  16. royaltrux says:

    Thanks for posting the update. Flash is not the problem here.

  17. Xeni Jardin says:

    The discussion of malware in this post and the one immediately preceding it is not racially motivated. There is ample factual evidence to support the notion that there is a high spike in China/Tibet related malware and other internet malfeasance right now, same goes for Russia/Georgia.

    I think you’re reaching for an argument that is not supported here.

  18. Elysianartist says:

    Once again in English please….Thanks.

  19. Jeff says:

    Antinous, why are you baiting her?! I know why. You crack me up.

  20. Bloo says:

    Re: not being able to explain the network connection block.

    I’m not a Zone Alarm user or expert, my professional computing work being done on a z/OS mainframe, but I’d like to offer what I feel is a rational explanation.

    Keyloggers want to send your keystrokes to a malicious entity. If a keylogger is detected, a rational response would be to shut down the means of doing so (the network connection) to try to prevent that from happening.

    In other words, my guess is that Zone Alarm closed the network connection to prevent the suspected keylogger from sending the keystrokes anywhere.

  21. hagbard says:

    Well, it was a bit slashdotty…your kung fu has no awesome. L-S-R!

  22. Jack says:

    Teresa, I’ve never really had major issues with moderation on BoingBoing, but I think the behavior of you and Xeni in this thread highlights the worst aspects of overbearing moderation.

    The initial issue is basically, BoingBoing was caught with it’s pants down by practically posting verbatim a detailed—but zero depth report—of someone who barely understands the concept of malware when they state:

    On my Windows XP workstation, I run Symantec Corporate Anti-virus, Zone Alarm Pro, as well as Spybot manually.

    As someone who works on machines daily, I can honestly say this qualification is hilarious. Desktop based scanners are notoriously paranoid and notoriously throw up red flags based on not much. Anyone doing any level of tech work for at least a month knows that the second a red flag is raised isn’t the second to claim there’s an issue.

    I’d like to think the tech-savvy BoingBoing know better than to echo statements based on that, but hey. We’re human right?

    And as far as admin/mod issues go, this echos a very similar issue many folks had with the high-profile “incident that shall not be named” that happened previously on BoingBoing earlier this summer. An issue in verifiability and honesty comes up, instead of coming clean, admins point fingers while silently “massaging” content and in the end attempt to get away with not simply admitting their errors.

    Specific to this post, the comment #17 left by Xeni was edited after the fact at least once. The very last line that begins “A hysterical post…” was not their in the first version I saw of her response. It was edited after the fact. And it’s a tad disturbing.

    Anyone writing for BoingBoing has the ability to correct/edit their main post. That’s cool and acceptable netiquette. I accept the fact I am but a lowly commenter. But when the author of the post then edits their own personal comments connected to the thread… That’s taking advantage of abilities regular commenters don’t have.

    C’mon folks. You are an alpha blog and have great content. Why not just engage in the same kind of transparency that BoingBoing seems to demand of others. It’s really disappointing to see folks who are bastions of freeness and openness not act the way they demand of others.

    And we can agree to disagree about the Chinese malware issue, but my stance is simple: China is not the only country engaged in this kind of stuff and most people already know about China’s questionable tech culture. So in my mind, the issue of Chinese malware is not news unless it can be verified; anyone visiting a Chinese site knows to watch out for falling malware. Why not sit and wait and then post when it can be verified?

  23. Takuan says:

    Jack, you miss the point. I even feel it possible that you are constitutionally incapable of seeing the point. No one can change your mind but you. All well and good, we all are who and what we are. I do clearly say though that you are verging on trespass against the honour of others here.

  24. Anonymous says:

    To state there should be no panic is irrelevant. It is not xenophobic, or racist, or alarmist.

    No one stated that China is the only country that produces malware. In fact there is nothing in that article that is racist or xenophobic against china. Only the comment posters claimed that.

    The reality is that China has long been accused and proven to have developed malicious websites, spread malware, as well as direct hacking into government departments like the pentagon. People have forgotten that last June 2007, the US defense department was hacked by the Chinese and the Pentagon had to shut down the defense secretary Robert Gates’ network. Just recently the US secret service has uncovered a huge global credit card theft ring that leads from Miami to eastern Europe and China. So, when software created in China exhibits strange behaviors, it is normal to question that behavior.

    The number of malicious websites are increasing. Some websites are using the same malicious code as defense mechanisms. Whether this is legal is not to be debated here, but there is this trend.

    For example, this particular website uses a very obscene (age 18+ years only), very graphic, yet effective means to prevent users from snooping around their website
    Such code can be easily replicated, and modified, and utilized in other ways.

    At Defcon 16, Radware presented “Jinx” which is javascript based, OS independent and can take over machines using Mozilla firefox browser pre-release 3. They are currently investigating MSIE.

    Regarding the article, Was it racist? No. Was it Xenophobic? No. Was it alarmist? No. Was it panic driven? No.

    Was the article a way to show the world the pedantic comments generated by over reacting self proclaimed computer experts who don’t believe in the existance of viruses, firewalls, malware, and malicious websites? Yes.

  25. mdhatter says:

    It’s really disappointing to see folks who are bastions of freeness and openness not act the way they demand of others.

    Sure Jack, but (No offense intended) it’s also disappointing to see intelligent people be pendantic toolbags.

    You see what I did there?

  26. Absent says:

    Don’t you all see, it’s all true. The whole Beijing Olympics are a front to spread communism and bring about the fall of the west. It all starts with the triple jump and sporting humiliation. The third reich did it exactly the same way.

  27. arkizzle says:

    ..anyone visiting a Chinese site knows..

    Which is, of course, why we’ve completely irradicated malware and viruses in 2008.

    Go Team!

  28. Teresa Nielsen Hayden / Moderator says:

    Hagbard, it’s a great big heap o’ fail to call someone a luser, but neglect to specify who you have in mind.

    Jack @19, if you were a Warner cartoon character, you’d be standing on air. Don’t look down. Instead, go back and read Xeni’s comment @17, and her previous post on this subject. Chinese malware is real, and a problem.

    Anonymous @24, para el triunfo!

    ODG @25: You know, it’s kinda boring to watch computer guys whup out their respective expertise and compare sizes.

  29. hagbard says:


    Yes, sorry. I should have used quotes to indicate that I was satirizing the slashdot style of commenting, and not myself calling anyone a l-s-r.

    And I was, to clarify, replying to Jeff in regards to ODG’s comments.

  30. Jack says:


    Jack, you miss the point. I even feel it possible that you are constitutionally incapable of seeing the point.

    It’s hard to balance your ironic posts from non-ironic posts and to understand what your actually saying of if you’re just trying to stir the pot.

    The point is simple: If somehow this same panic existed on another blog, others would call it out for what it is. As it stands, “…the mob has spoken.”

  31. Takuan says:

    panic? Dismissing most around you as “the mob”? Have I impressed you in the past with my slavish following of the herd? Reconsider, Jack, reconsider.

  32. Dark Cloud says:

    Considering recent history, I don’t think this was an overly unwarrented reaction. Sometimes the internet really IS out to get you. But really, should any computer connected to the internet or left unguarded be considered truly secure?

  33. Anonymous says:

    That’s the newest plan of the Pinky and the Brain to conquer the world.

    -¿Qué vamos a hacer esta noche Cerebro?-
    -Lo mismo que hacemos todas las noches Pinky, tratar de conquistar al mundo!-
    -Troz! ¿y cómo piensas hacerlo Cerebro? poink!-
    -Infectando todas las computadoras del mundo con un protector de pantalla descargado desde la web de las olimpiadas Pinky-

  34. Xeni Jardin says:

    @Hagbard, T-H-N-K Y-!

  35. Jack says:

    This is not only alarmist, bt bt xnphbc, myb rcst nd dfntly prnd. I’m sure other Flash-based screensavers results in the same Zone Alaram going all Chicken Little on you. But that’s not mentioned until the update.

    Rlly dsppntng. Let’s calm down a bit until this stuff can be proven and not feed the flames of B.S.

  36. Teresa Nielsen Hayden / Moderator says:

    Oh, good.

  37. Korpo says:

    This is what you get when you let “security software” do your thinking for you.

  38. LogrusZed says:

    Since they come from China I’m pretty sure they at least contain lead.

  39. aldasin says:

    FD n bngbng?
    (lks t wh pstd t)
    h, gt t. Crry n.

Leave a Reply