The Latest in IT Security

Spammers Use Fake Tibetan Statement on the Olympics


As early as March 2012, we have spotted a number of Tibetan-themed campaigns, and we’ve documented some of them through this blog. So far, the attacks are pretty consistent: they usually arrive as emails with pro-Tibetan sentiments as subjects, and have malicious file attachments.

Very recently, however, we found one Tibetan-themed campaign that also touches a very relevant current event: the 2012 summer Olympics in London.

As seen above, the email message is consistent with the typical techniques observed in other Tibetan-themed spam campaigns. In this case, however, the attached compressed file includes a decoy .DOC file with the file name China’s Olympic Legacy.docx. Along with it are two malicious executables, poster.scr and Tibet and Olympics.scr, which Trend Micro both detect as TROJ_DROPPER.WSD. These Trojans drop TROJ_RUGENT.A, display the images shown below, and then delete themselves.

TROJ_RUGENT.A, once executed, connects to certain URLs to send and receive information. Its routines may include the collecting of information about the affected system and its user.

Trend Micro users are now protected from this threat through the Smart Protection Network, which blocks the spam messages and detects the malicious files.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments