Anyone who works or plays online loathes hackers and other thieves
who are out to steal information from you and about you. While some
of the theft is relatively harmless, some malware is out to cause
serious harm to computers and network systems.
Recently, DailyTech reported on the teen
botnet mastermind who was arrested for stealing information from
infected systems. A report
published this week gives us some insight into the underground
hacking economy on the Chinese Internet. Authors of the report,
titled “Studying Malicious Websites and the Underground Economy on
the Chinese Web”, include Jianwei Zhuge, Thorsten Holz, Chengyu
Song, Jinpeng Guo, Xinhui Han, and Wei Zou. The study authors hail from
the Peking University Institute of Computer Science and Technology in
Beijing, China, and the University of Mannheim Laboratory for Dependable
Distributed Systems in Mannheim, Germany.
In all, the study claims that 1.49% of Chinese websites have
malicious content within them. The study measured 145,000 of the most
commonly visited Chinese websites and found that 2,149 of them
contained malicious content. Each time a visitor with certain software
vulnerabilities in their browser or applications visited one of the
websites containing malicious content, the machine was
compromised and some sort of malware was installed unbeknownst to the
computer user. This kind of attack is known as a
drive-by download attack, and the malware is typically a Trojan of
some sort that harvests information and sends it to the attacker.
The study describes what it calls actors from the underground
economy. The first actor is the Virus Writer, who has a certain
degree of technical background allowing them to program viruses and
zero-day exploits. The virus writers are driven by profits, says the
study. On the underground market, virus writers typically earn around
the equivalent of $1.34 USD for the sale of Trojans they write.
The next player is the website master/cracker, who attracts web
traffic to a site with free goods like music or applications. These
webmasters/crackers then sell the traffic to “envelope stealers”
for around 40-60 RMB ($4-$8 USD) per 10,000 visits. The envelope
stealers attempt to harvest username and password combos for given
sites, like online games. These envelope stealers then sell the
harvested information to virtual asset stealers for tens of RMB, or
around $1.35 USD. These players also sell access to infected
computers for pennies to about $1.35 USD.
Virtual asset stealers buy the username and password combos from
envelope stealers and then gain access to accounts in popular online
games, where they steal game assets like weapons and coins to sell for
real-world profits. What the study calls one QQ coin sells for about
$0.70 USD. The final piece of the underground economy is the players
who buy the stolen game goods. The study says these players are most
often teenage males very into online games who spend their parents’
money.