Friday, July 6, 2012

Spammers Celebrate Dalai Lama’s 77th Birthday with Malicious Emails

Dalai LamaToday is the current Dalai Lama's 77th birthday.

For the past three days, spammers have been attempting to infect the computers of his supporters with malware  by pumping out emails discussing birthday celebrations.

Researchers at Kaspersky Lab wrote that the emails are titled “Dalai Lama’s birthday on July 6 to be low-key affair” and contain a malicious Word doc file with the same name.

Once the attached .doc file is opened, it exploits a [patched] vulnerability within Windows Common Controls to open a backdoor, allowing components of malware detected as Trojan.Win32.Midhos to be dropped and installed on the victim machine.

Fake Dalai Lama articleThe backdoor will attempt to connect to a remote server to retrieve additional instructions. Kaspersky Lab noted that the command & control server’s IP address matches the one used in a previous attack that targeted Mac users. It seems they didn't want to leave Windows users out of the "fun."

Should the attack be successful, the user will be presented with a "fake" document containing an article plucked from the Indian newspaper, “The Tribune, Chandigarh.”

To protect their machines, users should:

  • Avoid downloading or opening files attached to emails from unknown sources.

  • Keep Windows fully patched and up-to-date by applying updates from Microsoft.

  • Run antivirus software that offers real-time scanning and make sure the virus definitions are kept current.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment