While recently investigating a single, but widespread attack, Zhao's researchers counted more then 4 million infected computers over a one-day period.

China has an estimated 250 million computer users, so attackers can do pretty well targeting only Chinese systems. "We have a huge amount of users and a very big local market," he said.

Hackers have had a lot of success launching widespread 0day attacks against programs like RealPlayer and Adobe Flash, but they have also hit local Chinese programs, including Xunlei, QQ and UUSee.

Security is often little more than an afterthought for local software developers, Zhao said.

"In China you have all this third-party software that's very popular, but which is much less secure than Microsoft software," said Wayne Huang, CEO of Web security consultancy Armorize, which has research labs in Taiwan. Not only are exploits for Chinese programs like QQ much easier to find -- software companies tend to take much longer to patch the exploits. "QQ is not going to be able to react as quickly as Microsoft," he said.