By John P. Mello Jr. TechNewsWorld
10/03/07 4:00 AM PT
Hackers have taken advantage of the worldwide attention centered on the violent protests in Myanmar to further the spread of malware, according to security firm Sophos. A new scam sends its victims e-mail with an attached Microsoft Word document purportedly written by the Dalai Lama supporting the pro-democracy demonstrations in the country. The file, once viewed, opens the PC to malware.
Given the penchant of online scammers to exploit high-visibility events for their own malignant purposes, security experts were unsurprised this week to learn that Myanmar has become a vehicle for planting malware on unsuspecting users of personal computers.
The e-mail scam publicized by endpoint security and control firm Sophos uses a Microsoft (Nasdaq: MSFT) Word file purportedly originating with His Holiness the Dalai Lama of Tibet to open a back door in a PC and download a malware Trojan.
The e-mail containing the infected Word document tries to persuade recipients to open the malicious file with the message:
Dear Friends & Colleagues,
Please find enclosed a massage [sic] from His Holiness the Dalai Lama in support of the recent pro-democracy demonstrations taking place in Myanmar. This is for your information and can be distributed as you see fit.
Best wishes.
Tenzin Taklha
Joint Secretary
Office of His Holiness the Dalai Lama
"It's a pretty sad state of affairs, but unfortunately it's not surprising," Sophos Senior Technology Consultant Graham Cluley told TechNewsWorld.
"Whenever there's a really big story in the news the hackers often follow quite quickly with their attempts to exploit it," he said.
Slave of Hackers
Once a PC is infected through the Word file, he continued, the machine becomes a slave to hackers.
"They can do whatever they like with it really," he noted. "They can send spam. They can steal information from you. They can log your keystrokes and steal your passwords."
The exploit, he explained, only works on machines with Word installed on them. If the Word file is opened by another program -- WordPerfect, Wordpad, OpenOffice and such -- the malicious code in the file won't execute.
Microsoft is investigating reports of malware being spread via e-mail that claims to come from the Dalai Lama, the company said, though it noted that none of the reports have come to Microsoft directly from customers.
Sneaking Through Filters
The use of attachments in e-mail messages has fallen into disfavor among hackers because many systems strip them from messages before they can arrive in a user's inbox. However, as a rule, it's difficult to zap all attachments.
"A lot of companies have filters in place that drop all executable attachments, but they usually still have to let Word, Excel and other Office formats through because people use so many of them," Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, told TechNewsWorld.
"That's how you can sneak past some of the filters people put in place," he added.
Luring Users
Using recognizable file formats also induces users to lower their guard when handling attachments, maintained Paul Henry, vice president for technology evangelism at Secure Computing.
"They're socially acceptable files," he told TechNewsWorld. "You'd expect to receive a Word file, a PDF, an Excel spreadsheet from other business people."
To counter the inclusion of malevolent code in respectable files and Web sites, Henry continued, white hats have started using anti-malware scanning.
"It's a step above what anti-virus software does," he said.
Anti-malware scanning, he explained, reads the code that will be executed by a Web site or contained in an e-mail attachment, and it analyzes the intent of that code: Is it trying to write to the Windows Registry? Is it trying to connect to the Internet to download a file?
"If it finds too much risk," he observed, "it simply blocks access to that information."
What to Do?
How can users protect themselves from attacks like the one in the Dalai Lama letter?
"First and foremost, make sure your operating system and applications have up-to-date patches," Shane Coursen, senior technical consultant with Kaspersky Labs, told TechNewsWorld.
"And don't open attachments in unsolicited e-mails," he added.