NEWS FROM THE LAB - Monday, August 24, 2009

Uyghur Malware
Posted by Mikko @ 14:57 GMT

Over the summer there's been unrest and rioting among the Uyghurs, an ethnic minority living in western parts of China.

The riots were shut down by force by the Chinese army.

Image (c) Copyright Freerepublic.com
Images from Free Republic

This is probably not connected at all, but we've noticed a steep increase in the number of targeted attacks against organizations supporting the Uyghurs.

These support groups operate around the world. The attack techniques against them are the same as we've seen in similar attacks before: highly targeted emails with innocent-looking booby-trapped document attachments.

Here are some examples of such malicious documents that we've seen. Most of them look pretty innocent.

[Six images: Targeted attack against Uyghur supporters]

When opened, all the above documents use known vulnerabilities in Adobe Reader or Microsoft Word to invisibly take over the computer. After this, a backdoor allows an outsider full access to the computer and the local area network.

[Two images: Targeted attack against Uyghur supporters]

The two screenshots above are not from documents but instead fake screen savers… which contain backdoors.

Again, this wave of attacks against Uyghur supporters probably isn't connected to the real-world riots in any way. We think.