China: Beijing Extends Its Offensive to Cyberspace
China is taking the crackdown on Tibet and its supporters into cyberspace with spyware targeting international organizations, including UNPO.
Below is an article published by F-Secure.com:
There's unrest on the streets of Tibet - clashes between Tibetans and the Chinese military.
[…]
However, there's unrest also on the net. Groups supporting freedom of Tibet have been attacked with highly targeted and technically advanced attacks.
Quoting an Asia Free Press news report: "AFP received an email Tuesday from someone claiming to be in Denmark, who had attached a file they said were pictures of Tibetans shot by the Chinese army. When AFP tried to open the attachment, a virus warning appeared."
[…]
Somebody is trying to use pro-Tibet themed emails to infect computers of the members of pro-Tibet groups to spy on their actions.
And this is not an isolated incident. Far from it.
Groups working for freedom of Tibet all over the world have been targeted. These emails have been sent to mailing lists, private forums and directly to persons working inside pro-Tibet groups. Some individuals have received targeted attacks like this several times a month.
The mails are almost always forged to look like they would be coming from trusted persons or organisations, making it more likely they get opened by the recipient.
Just the filenames of some of the recent malicious attachments tell a lot:
UNPO Statement of Solidarity.pdf
Daul-Tibet intergroup meeting.doc
tibet_protests_map_no_icons__mar_20.ppt
reports_of_violence_in_tibet.ppt
genocide.xls
memberlist.xls
Tibet_Research.exe
tibet-landscape.ppt
Updates Route of Tibetan Olympics Torch Relay.doc
THE GOVERNMENT OF TIBET.ppt
Talk points.chm
China's new move on Tibetans.doc
Support Team Tibet.doc
Photos of Tibet.chm
News ReleaseMassArrest.pdf
Whole Schedule and Routing for Torch Relay.xls
As you can see, there's a variety of "trusted" filetypes used in these targeted attacks, including DOC, XLS, PPT, PDF, CHM.
The contents of these bait documents have been crafted very well.
Note:
Please view the F-Secure webpage for further details: