Malicious programs the UK government has said are attacking key business and government bodies are being sent from computers in China, according to an email security firm.
But experts at MessageLabs said it would be inaccurate to conclude Chinese hackers are responsible for the Trojan horse attacks as the servers could be controlled remotely from anywhere.
Mark Sunner, CTO for MessageLabs, said: "MessageLabs can confirm that the source of the IP addresses originates in China. But there's a much bigger and broader problem here. The 'China' word is not meaningless but it doesn't mean they are the perpetrators."
Earlier this month the British government's National Infrastructure Security Co-ordination Centre (NISCC) claimed that waves of "industrial-strength" Trojan attacks were hitting 300 organisations in the critical national infrastructure (CNI). The CNI is made up of key financial, transport, military, health, energy and government organisations.
Although NISCC would not disclose the exact origin of the Trojan attacks, it said they were coming from the Far East.
Yesterday MessageLabs said it had intercepted 17 new Trojans that appeared to be the sort NISCC had warned of. But they were targeted at one company, not at the whole CNI. Sunner said these attacks always aim at a small number of organisations, and the terms "information warfare" and "industrial strength" were misleading in this context.
"We are not making these claims," he said. "We need to be careful that we are not influencing people that way. In the case of these targeted attacks, it's one-offs. The reality is that we've seen a number of source IP addresses in China. But when you try and trace a botnet, quite frequently you often find that it originates from another botnet."
But Bob Ayers, former director of the Computer Emergency Response Team for the US Department of Defense and MD of consulting firm Ayers & Associates, was sceptical that the attacks were coming from China.
He said: "I'm not entirely of the opinion that 'these attacks are coming from China' is accurate. It's not what I would call a government initiative — I don't see how they can know who's doing it. There's no way you can differentiate."
He added: "You can spoof a site address and make it look as if it's coming from China. The question is what is NISCC doing about it? Is it just sending out alerts? I have a feeling that it is and is providing a citizen's advice bureau."
When contacted, antivirus companies Computer Associates, F-Secure, Kaspersky Labs and Sophos refused to say where the Trojan attacks stemmed from.
Talkback
INTERNET RECOGNISES NO TERRITORY
It is premature to impute the criminal activity and intent to any particular country or region. It is commonly understood that the method of “botnets” or “zombie computers” is generally used for various wrongful purposes. The question of liability of a person, organisation or country in such a case does not arise at all because it is almost impossible to prevent a computer from being converted into a zombie. The operating systems have many loopholes and security breaches and recently the hackers have developed the mechanism of exploiting the weaknesses of “anti virus software’s” themselves. If this is the position, then imputing any sort of liability to computers used as botnets is not only unreasonable but also in ignorance of the crude reality of cyberspace. The ultimate solution is to “harmonise” the laws of all the countries by making a compatible and commonly acceptable international treaty safeguarding the cyberspace. It is not a mature action to impute the liability to a particular person, organisation, computer, region, locality or country.