CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 21st, 2008

Tibetan Communities Under Targeted Attacks

Various targeted cyber attacks have been taking place recently. The attacks generally start with a very trustworthy-looking e-mail, spoofed to appear to come from a known contact, sent to someone within one of the Tibetan communities. In some cases, messages have also been distributed to mailing lists. These messages, however, contain malicious attachments: CHM Help files with embedded objects, Acrobat Reader PDF files with exploits, Microsoft Office exploits, LHA files exploiting vulnerabilities in WinRAR, or attached HTML files that exploit an ActiveX component.
Here’s a sample attachment and its current antivirus detections:

File name: reports_of_violence_in_tibet.ppt
MD5: 977a4ac91acf5d88044a68f828154155

AntiVir 7.6.0.75 2008.03.20 EXP/Office.Dropper.Gen
Avast 4.7.1098.0 2008.03.20 MPPT97:CVE-2006-3590
BitDefender 7.2 2008.03.20 Exploit.PPT.Gen
F-Prot 4.4.2.54 2008.03.19 File is damaged
NOD32v2 2964 2008.03.20 PP97M/TrojanDropper.Agent.NAI
Webwasher-Gateway 6.6.2 2008.03.20 Exploit.Office.Dropper.Gen

At this moment, antivirus products are not proving effective against the samples distributed in this ongoing attack. Similar samples often return, only slightly edited to prevent them from being picked up. Most of the time, the samples then drop very raw trojans that are not restricted much in ability. This means that just investigating the trojan does not always reveal the target data. When investigating such an attack, it is necessary to find out which commands were submitted in order to discover what data was actually targeted. So far, there have been attacks that specifically searched the file system for Word documents, e-mail contents and PGP keyrings.

It seems the attacks are targeted against protesting Tibetan communities. These attacks are not limited to various Tibetan NGOs and support groups. They have been reported dating back to 2002, and even somewhat before that, and have affected several other communities, including Falun Gong and the Uyghurs.
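An added example, not part of the original article: a mail-gateway triage that recognises the attachment formats listed above by their content rather than by hash or file name, so a slightly edited or renamed sample is still held for review. The function names, the hold-everything policy and the sample message (harmless stub bytes) are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # container of legacy .doc/.xls/.ppt
EXTENSIONS = {"chm": {".chm"}, "pdf": {".pdf"}, "lha": {".lha", ".lzh"},
              "ole2-office": {".doc", ".xls", ".ppt"}, "html": {".htm", ".html"}}

def sniff_format(data: bytes) -> str:
    """Classify by content, so renaming or re-editing a sample changes nothing."""
    if data.startswith(b"ITSF"):
        return "chm"
    if b"%PDF-" in data[:1024]:  # Adobe Reader accepts the header within 1024 bytes
        return "pdf"
    if data.startswith(OLE2):
        return "ole2-office"
    # LHA: method id such as "-lh5-" sits at offset 2, after size and checksum
    if data[2:4] == b"-l" and data[6:7] == b"-":
        return "lha"
    head = data[:4096].lower()
    if head.lstrip().startswith((b"<html", b"<!doctype html")) or b"<object" in head:
        return "html"
    return "other"

def triage(raw_message: bytes) -> list:
    """Return one finding per attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        fmt = sniff_format(part.get_payload(decode=True) or b"")
        ext = os.path.splitext(name)[1].lower()
        findings.append({"name": name, "format": fmt,
                         "hold_for_review": fmt != "other",
                         "disguised": fmt != "other" and ext not in EXTENSIONS[fmt]})
    return findings

def build_sample() -> bytes:
    """Constructed message: harmless stub bytes carrying only the format headers."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "report"
    m.set_content("Please see attached.")
    for name, body in (("report.ppt", OLE2 + b"\x00" * 32),
                       ("minutes.txt", b"ITSF\x03\x00\x00\x00"),
                       ("notes.txt", b"plain notes\n")):
        m.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

The `disguised` flag marks an attachment whose content is one of the listed formats but whose extension claims something else, which is worth a higher priority in the review queue.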
