Virus E-mail Attacks Aim at pro-Tibetan Activists
Pro-democracy and human rights groups supporting demonstrations against China in Tibet have recently become targets of sophisticated and malicious cyber attacks aimed at disrupting the groups' activities and stealing confidential information relating to their members and work.
News agency Agence France-Presse reported on March 18, 2008 that, in connection with one such sophisticated attack, it received an e-mail from a Denmark-based person with a file attachment that claimed to contain pictures of the Chinese army shooting Tibetans. But when the agency attempted to view the attachment, a warning appeared reporting the presence of a virus.
Meanwhile, according to security experts, attackers are embedding malicious programs in e-mails that claim to come from trusted colleagues. The e-mail content is bait: it uses social engineering to trick recipients into opening the attachment, which triggers an exploit.
Mikko H. Hypponen, Chief Research Officer at F-Secure, explains that the exploit surreptitiously drops and executes a file named C:\ProgramFiles\Update\winkey.exe. InformationWeek published this on March 21, 2008.
Hypponen went on to say that the file is actually a keylogger that gathers the keystrokes typed on the targeted computer and sends them to another computer on the Net at xsz.8800.org. He said that 8800.org is a DNS-bouncer system from China and that, while it is not itself illegitimate, it has been used repeatedly in various attacks.
Remarking on the level of sophistication of the cyber threats and attacks, Greg Walton, who provides IT support for Tibetans and is also a researcher of Chinese computer spying at the UK's University of Sunderland, said that it is only possible to speculate about these attacks. According to Walton, the attacks appear to come from centrally controlled servers in China, but the servers are just stepping stones. InformationWeek reported this on March 21, 2008.
According to SANS, although the violence is a recent development, cyber attacks targeting entities opposed to the Chinese government occurred as far back as 2002, as reported by The Register on March 22, 2008. The recent cyber attacks are taking place as riots erupt in Lhasa, the capital of Tibet, between protesters and soldiers of the Chinese military.
» SPAMfighter News - 28-03-2008