Scary attacks

I'd never want to be targeted by people who are well funded, highly skilled and motivated like this:
Groups supporting freedom of Tibet have been attacked with highly targeted and technically advanced attacks.

Quoting an Asia Free Press news report: "AFP received an email Tuesday from someone claiming to be in Denmark, who had attached a file they said were pictures of Tibetans shot by the Chinese army. When AFP tried to open the attachment, a virus warning appeared."

So...what do these attacks look like in practice? Let's take an example. Here's an email that was mailed to a pro-Tibet mailing list three days ago. It looked like it was coming from the Unrepresented Nations and Peoples Organization (UNPO). However, the email headers were forged and the mail was coming from somewhere else altogether.
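As an added defender-side illustration (not code from the original post), here is a small Python check of the kind that exposes a forged sender like the one above: it compares the earliest Received hop and the Message-ID against the From domain. The headers below are constructed sample data, not the real UNPO-spoofing message.

```python
import email
import email.utils
import re

# Constructed sample headers (not the original mail): the From line claims UNPO,
# but the earliest Received hop and the Message-ID tell a different story.
SAMPLE = """\
Received: from mx.example-list.org (mx.example-list.org [192.0.2.10])
\tby lists.example.org with ESMTP; Tue, 18 Mar 2008 10:02:11 +0000
Received: from unpo.org (unknown [198.51.100.77])
\tby mx.example-list.org with SMTP; Tue, 18 Mar 2008 10:02:05 +0000
From: "UNPO" <info@unpo.org>
Message-ID: <20080318.1234@mail.not-unpo.example>
"""
# Matches the "from <HELO name> (<reverse DNS> [<IP>])" clause of a Received header.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it."""
    name, domain = name.lower(), domain.lower()
    return name == domain or name.endswith("." + domain)

def parse_received(msg):
    """Return (helo, rdns, ip) for each Received header, newest hop first."""
    hops = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(hdr).replace("\n", " "))
        if m:
            hops.append(m.groups())
    return hops

def spoof_indicators(raw):
    """List header inconsistencies suggesting the From address is forged."""
    msg = email.message_from_string(raw)
    from_domain = email.utils.parseaddr(msg["From"])[1].rpartition("@")[2]
    findings = []
    hops = parse_received(msg)
    if hops:
        helo, rdns, ip = hops[-1]  # oldest hop: the relay that first accepted the mail
        if in_domain(helo, from_domain) and not in_domain(rdns, from_domain):
            findings.append(f"first hop HELO {helo} claims {from_domain} "
                            f"but its reverse DNS is {rdns} ({ip})")
    msgid_domain = (msg["Message-ID"] or "").rstrip(">").rpartition("@")[2]
    if msgid_domain and not in_domain(msgid_domain, from_domain):
        findings.append(f"Message-ID domain {msgid_domain} differs from From domain {from_domain}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("suspicious:", finding)
```

These are indicators rather than proof: a legitimately self-hosted mailer can also have reverse DNS outside its own domain, so treat a hit as a reason to look closer, not as a verdict.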

However, this is not a normal PDF document. It contains a modified version of a PDF-Encode vulnerability to exploit Adobe Acrobat when the document is opened.

The exploit silently drops and runs a file called C:\Program Files\Update\winkey.exe. This is a keylogger that collects and sends everything typed on the affected machine to a server running at xsz.8800.org. And 8800.org is a Chinese DNS-bouncer system that, while not rogue by itself, has been used over and over again in various targeted attacks.

The exploit inside the PDF file was crafted to evade detection by most antivirus products at the time it was sent.