Kaspersky Lab identified a number of e-mail messages sent to supporters of the Buddhist leader containing an MS Word file attachment. When opened, the file exploits a recently discovered hole in Microsoft's Common Controls and installs a downloader program that, in turn, installs variants of the Midhos family of Trojan horse programs on the infected system. An analysis of the malware by Kaspersky Lab shows that the command and control infrastructure used in the attacks is identical to that used by a Trojan program designed for Mac OS X systems and used in targeted attacks on the Tibetan Government in Exile.
The latest attacks were first identified on July 3 in the form of e-mail messages with the subject "Dalai Lama's birthday on July 6 to be low-key affair." The e-mail messages, sent to supporters, purport to offer details of plans to celebrate the 77th birthday of Tenzin Gyatso, the current Dalai Lama.
The Dalai Lama has shifted to Apple products, possibly in response to the so-called GhostNet attacks against the Tibetan Government in Exile that date to 2009. However, those seeking access to the inner planning of the Dalai Lama and the Tibetan Government in Exile simply shifted their attacks to Mac-based malware.
GhostNet, first discovered by researchers in Canada and the UK back in 2009, was a long-standing espionage campaign against governments, human rights organizations and others. Though the Dalai Lama may have shifted to Mac, many of his supporters continue to use Windows systems, necessitating targeted attacks against both platforms.
The Tibetan Buddhist leader, the Dalai Lama, saw many of his supporters targeted in an e-mail attack that used news of the spiritual leader's birthday to trick recipients into installing a surreptitious monitoring program on their computers.