[ insider_reports_insider ]
Seven Virus Pieces In Tibet
David Utter
Staff Writer
2008-03-12
 Insider Reports RSS Feed
Bad puns on movie titles aside, the various components of a recently spotted computer threat uses images from Tibet to entice people to accept an attack on their systems.
 | | Seven Virus Pieces In Tibet |  |
Tibet seems to be a popular topic for criminals seeking a route into people's computers. The country regularly receives a modest amount of press coverage over efforts to free Tibet from Chinese rule.
Malware distributors may be taking advantage of that mindset, as they chose a set of National Geographic photographs from 1940's-era Tibet to try and distract the viewer from the infection taking place. Security vendor Sophos displayed a pair of the fantastic photos, which arrived in a CHM (compressed help file) attachment to an email.
"While you were busy looking at pictures of Tibet from the 1940's, a lot of things have been happening on your computer," wrote Sophos researcher Numaan Huq, who described the connections, downloads, and launches taking place in the background.
Researcher Elodie Grandjean at security vendor McAfee broke down the infection process into a seven-part flowchart, after noting how this set of Tibet photos closely followed another Tibet-oriented spam campaign from a week earlier.
"Both are linked to the same remote servers and involve the same family of malware (Spy-Agent.cp), which is a multi-part trojan composed of a loader, an infostealer, a backdoor component and an update installer," said Grandjean.
The lesson remains the same: don't open attachments from unknown senders. Skidmore College has the photo collection for those interested in a look at these images.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
