    A recently discovered targeted attack uses Trojanized MS Word files embedded with malicious code. The files are sent as attachments to spammed email messages, albeit in very limited distribution.

    What’s interesting here, according to Research Project Manager Ivan Macalintal, is that these Trojanized files are related to movements supporting the Tibetan government in exile. He adds that the file names are lifted from actual press releases and news headlines:

    • Free Tibet Olympics Protest on Mount Everest.doc 
    • CHINA’S OLYMPIC TORCH OUT OF TIBET 1.doc
    • 2007-07 DRAFT Tibetan MP London schedule.doc
    • DIRECTORY OF TIBET SUPPORT GROUPS IN INDIA.doc
    • Disapppeared in Tibet.doc

    These files are detected, respectively, as the following:

    • TROJ_MDROPPER.GJ
    • TROJ_MDROPPER.GI
    • TROJ_MDROPPER.GK
    • TROJ_MDROPPER.GG
    • TROJ_MDROPPER.GH
    • TROJ_MDROPPER.TG
    • TROJ_MDROPPER.TG

    The following is a sample screenshot of the Trojanized document file:

    [Screenshot: Trojanized document]

    This social engineering technique has been seen before. In October, a Trojan detected as TROJ_MDROPPER.WI also rode on the newsworthiness of the monk-led protests in Myanmar by arriving as an attachment to spam that purported to be a message of support from the Dalai Lama to the monks. The technique is also a familiar one from WORM_NUWAR’s book: leveraging headline-grabbing events to facilitate its propagation.

    (Thanks to Maarten of ISC for the heads-up.)





    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice