Chinese Hackers Dispatch PRISM Associated Harmful E-mails for Disseminating Malicious Software

Brandon Dixon, Security Engineer and operator of the 9bplus blogging site has said that the Chinese team of hackers, which was recently uncovered as the perpetrator responsible for the NetTraveler espionage assaults continuing from 2004, has begun exploiting people's widespread enthusiasm about PRISM the surveillance program of NSA (National Security Agency) towards getting Internauts to view malevolent files attached in e-mails, thus published theregister.co.uk dated June 19, 2013.

The expert stated that he found one e-mail that was titled "CIA's Prism Watchlist."

According to him, the target for which the e-mail had been crafted was certain A/C on Yahoo connected to the Mundgod, India-situated Regional Tibet Youth Congress. Seemingly, the id from where the e-mail originated was spoofed to show as Jill Kelley's, the lady who'd complained about harassment that resulted in a probe that in turn resulted in David Petraeus' resignation the person who formerly headed the Central Intelligence Agency.

Dixon wrote that the attachment in the fake e-mail was a Word file labeled "Monitored List 1.doc" that carried malware created for abusing the CVE-2012-0158 security flaw earlier of interest to the NetTraveler attackers' team.

He noted that it was funny how the criminals were maintaining their identical methods as well as infrastructure in spite of getting fully ousted. Moreover, the kind of behavior expressed indicated shoddy operational security, the expert added. Softpedia.com published this dated June 18, 2013.

Dixon further wrote that the e-mail's message body was filled with content making little sense although mentioned Edward Snowden, who was an NSA contractor before leaking about the agency's surveillance program and thus getting sacked; the PRISM; as well as the CIA. On opening the attachment in the malicious e-mail, the file would create many more files and add them onto the affected PC's hard-drive. A particular file among those created was labeled "dw20.exe" that NetTraveler had utilized before, it had been observed, explained Dixon. Threatpost.com published this dated June 18, 2013.

Although failing in locating the C&C server or the Internet Protocol address for the e-mail scam, Dixon is sure there are possibly more electronic mails lurking similar to that he discovered.

» SPAMfighter News - 6/24/2013