Malware writers target pro-Tibet groups

Malware writers target pro-Tibet groups


Emails laced with malicious software

Pro-Tibet organisations are being targeted by a wave of malware attacks following rioting and police crackdowns in the volatile region of western China.

Malware vendors have been sending various pro-Tibet groups email messages which contain malicious attachments.

The emails purport to come from 'The Unrepresented Nations and Peoples Organization'. However, researchers warn that the address appears to be forged.

The body of the email includes a short statement praising the group and condemning the attacks.

The malware itself is contained in an attachment disguised as an official statement, photos of the rioting, or a research presentation on the events in Tibet.

The attachments are actually Trojans which serve up a key-logger designed to evade detection from security applications.

"Groups working for the freedom of Tibet all over the world have been targeted," said security firm F-Secure.

"These emails have been sent to mailing lists, private forums and directly to persons working inside pro-Tibet groups. Some individuals have received targeted attacks like this several times a month.

"The emails are almost always forged to look like they come from trusted persons or organisations, making it more likely that they will be opened by the recipient."

Sans researcher Maarten Van Horenbeeck said that the attacks are not limited to various Tibetan support groups.

"They have been reported dating back to 2002 and have affected several other communities, including Falun Gong and the Uyghurs," he wrote.