Supporters of Tibetan Cause Targeted with Spam Mails
Organizations and activists supporting the Tibetan cause currently appear to be a heavily targeted group for e-mails carrying malicious attachments, with the senders continually devising fresh and varied campaigns designed to infect the targets' PCs, Help Net Security reported on April 16, 2012.
Recently, Alex Lanstein, a security researcher at FireEye, spotted one intriguing instance of such an e-mail while carrying out ongoing monitoring of these 'spam' schemes.
Interested in assessing the unsolicited e-mails and wanting to make his findings public, Lanstein sent a message to numerous people who were being aggressively targeted, possibly because he had obtained their e-mail addresses from VirusTotal. The message asked the recipients whether they would allow themselves to be mentioned in a blog post as recipients of the spam mails.
Lanstein wrote in the e-mail that he wished to post an entry on his company's website about some attacks and to cite the reader by name. According to him, he was already aware of the spam attack targeting the reader, but he still wanted the person's permission, since no IT expert would have included the malicious attachment, and certainly not the reader himself. Softpedia.com published this on April 16, 2012.
In fact, however, Lanstein's e-mail address had been spoofed; the actual address of the e-mail's writer belonged to some other spam source.
The e-mail also includes a Portable Document Format (PDF) file as an attachment, which conceals malware that Trend Micro detects as TROJ_PIDIEF.KFR. The file has been password-protected so that no anti-virus software may be able to detect it.
Typically, this backdoor connects to a command-and-control server located in China to send information such as passwords, IM addresses, lists of files and drives, and other sensitive details.
Importantly, analysis of the Trojan responsible for the spam attacks is ongoing, and on that basis security specialists generally advise users to avoid opening suspicious attachments, even when they appear to come from an authentic source.
SPAMfighter News - 23-04-2012