Chinese Trojan Spam Virus Attacking Websites

Since installing Google Analytics I have been checking my webstats on a near daily basis. However, because of my lack of blogging over the last few weeks I have also been monitoring the stats less. Today I learnt my lesson that maybe I should maintain a daily watch. Over the last few days (yesterday in particular) there has been a dramatic spike in the number of visits to my site despite no new blog posts being added.

Looking at the data in more detail, it appears a lot of traffic is being generated out of China by a site called qq829.com.

Looking into this some more, there is this thread on a lot of traffic appearing from China and on the Google Analytics forum.

Furthermore, both HubPages and Symantec have information on the Trojan that is causing the problem.

At this stage it does not appear that my website has been infected with malware or compromised in any way. However, please ensure that your antivirus software is up to date, as this particular Trojan could be costing you a lot of traffic and could potentially cause other problems.

Furthermore, I have now blocked traffic originating from the qq829 website. Other people are blocking all of China, but at this stage I am not considering it.

If you are facing similar weird problems with bursts of traffic to your site, you can block the qq829 website by adding these lines to your .htaccess file:

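# The Referer header carries a full URL (for example http://www.qq829.com/),
# so the patterns are left unanchored; "^qq829" would not match such a value.
SetEnvIfNoCase Referer "qq829" TOBLOCK=1
SetEnvIfNoCase Referer "cnzz" TOBLOCK=1

# Apache 2.2 access-control syntax (on Apache 2.4 it needs mod_access_compat).
<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
# Deny requests flagged by the Referer rules above
Deny from env=TOBLOCK
# Deny the two IP ranges, kept in the same block so one Order covers every rule
Deny from 219.232.240.0/20
Deny from 203.171.224.0/20
</FilesMatch>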
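
Before relying on the rules, it helps to measure how much of a traffic spike they would actually catch. The following is an added example, not part of the original post: it reads Apache combined-format access log lines, counts hits per referring host, and reports how many requests the Referer patterns and IP ranges above would deny. The sample log lines are constructed, and the combined log format is an assumption about the server's configuration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Patterns and ranges taken from the .htaccess rules on this page.
REFERER_PATTERNS = [re.compile(p, re.I) for p in ("qq829", "cnzz")]
BLOCKED_NETS = [ip_network(n) for n in ("219.232.240.0/20", "203.171.224.0/20")]

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
                     r'"(?P<referer>[^"]*)" "[^"]*"$')

def classify(line):
    """Return (referer_host, rule): rule is 'referer', 'ip', or None if allowed."""
    m = LINE_RE.match(line)
    if not m:
        return None, None  # not a combined-format line
    host = urlsplit(m["referer"]).hostname or "-"
    if any(p.search(m["referer"]) for p in REFERER_PATTERNS):
        return host, "referer"
    try:
        addr = ip_address(m["ip"])
    except ValueError:  # %h may be a hostname when HostnameLookups is on
        return host, None
    return host, "ip" if any(addr in n for n in BLOCKED_NETS) else None

def summarize(lines):
    """Count hits per referer host, and hits each rule type would deny."""
    hosts, denied = Counter(), Counter()
    for line in lines:
        host, rule = classify(line)
        if host is None:
            continue
        hosts[host] += 1
        if rule:
            denied[rule] += 1
    return hosts, denied

# Constructed sample log lines (not real traffic).
_T = '- - [01/Jan/2012:10:00:00 +0000] "GET / HTTP/1.1" 200 5120'
SAMPLE = [
    f'219.232.241.7 {_T} "http://www.qq829.com/" "Mozilla/5.0"',
    f'198.51.100.23 {_T} "http://QQ829.com/a.html" "Mozilla/5.0"',
    f'203.171.230.9 {_T} "-" "Mozilla/5.0"',
    f'192.0.2.10 {_T} "https://www.google.com/search?q=blog" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it against real data, pass the lines of your own access log to `summarize()` in place of `SAMPLE`.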