Trojan horse exploits crisis in Burma
(02/10/2007)
Using sensational news subjects to trick people into clicking links is one of the oldest tricks in the book, but it still works. Hackers are taking advantage of people around the world hungry to hear about the latest situation in Burma and support the pro-democracy movement. An email which claims to be a message of support for monks and other protestors from the Dalai Lama in reality carries a malicious attack designed to infect the recipient’s computer.
Computer users should be wary of a malicious email which claims to be a message of support for monks and other protesters in Burma from the Dalai Lama. In reality, however, it carries a malicious attack designed to infect the recipient's PC.
The email reads as follows:
Dear Friends & Colleagues,
Please find enclosed a massage from His Holiness the Dalai Lama in support of the recent pro-democracy demonstrations taking place in Burma. This is for your information and can be distributed as you see fit.
Best wishes.
Tenzin Taklha
Joint Secretary
Office of His Holiness the Dalai Lama
When users open the attached document (filename: hhdl burma_001.doc), it attempts to exploit a Word vulnerability, which in turn tries to drop a Trojan horse onto the victim's PC. Sophos detects the malicious document as Exp/1Table-B and the Trojan it tries to install as Agent-CGU.
To add even more credibility to the message and to encourage a greater number of victims to open the attachment, a link to the official website of the Dalai Lama was included.
"The Burmese regime is said to have tried to stop news from coming out of the country by shutting down internet cafes and controlling computer users' access to the net. People around the world are hungry to hear about the latest situation in the country and support the pro-democracy movement, and may be tempted to read this so-called letter from the Dalai Lama," said Graham Cluley, senior technology consultant at Sophos.
"Using topical news stories to trick unwary computer users into opening and downloading malicious code is one of the oldest tricks in the book, but it's obviously still working or the hackers wouldn't waste their time on it. We should all use our common sense and question the legitimacy of emails sent out of the blue."

