A new malware infected email is being sent to people on Pro-Tibet mailing lists. This is an example of a targeted attack whereby a particular group of people are the intended recipients of the malware, and in this case politically motivated.
F-Secure have investigated the malware and have concluded that it originates from China. It carries a PDF file that installs a key-logger on a recipient’s computer. The key-logger sends all of the user’s key strokes to a server located in China.
To recognise the malicious email look for the following:
- The email is forged to appear to originate from Unrepresented Nations and Peoples Organization (UNPO)
- From: firstname.lastname@example.org
- Subject: UNPO Statement of Solidarity
- First few lines of the email:
The Hague, 17 March 2008 – The Presidency of the Unrepresented Nations and Peoples Organization (UNPO), led by President Mr Ledum Mitee, expresses its solidarity on behalf of all UNPO Members with the people of Tibet in this period of extreme tensioni and reiterates its support for their decades-long nonviolent campaign against Chinese suppression.
- Has an attachment called “UNPO Statement of Solidarity.pdf”
If you receive this email or others like it, delete it.
According to F-Secure there are other similar emails that are also part of the targeted attack and may contain any of the following attachments:
- UNPO Statement of Solidarity.pdf
- Daul-Tibet intergroup meeting.doc
- Updates Route of Tibetan Olympics Torch Relay.doc
- THE GOVERNMENT OF TIBET.ppt
- Talk points.chm
- China’s new move on Tibetans.doc
- Support Team Tibet.doc
- Photos of Tibet.chm
- News ReleaseMassArrest.pdf
- Whole Schedule and Routing for Torch Relay.xls
For more information see here.