Malware found on pro-Tibetan independence websites
(10/04/2008)

ScanSafe has detected malware on the www.FreeTibet.org and SaveTibet.org websites, two pro-Tibetan independence websites.

Visitors to the homepages of these sites are exposed to an iFrame that redirects users to a site that hosts a Trojan downloader. A Trojan downloader is a program typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC. A Trojan Downloader may download adware, spyware or other malware from multiple servers or sources on the internet.

ScanSafe has notified both sites about the malware. ScanSafe has issued an alert warning web surfers that the pro-Tibet sites have been unknowingly hosting malware and infecting visitors by installing malware onto the victim’s PCs.

Spencer Parker, director of product management at ScanSafe says “These websites appear to have been specifically targeted as this is not a generic Trojan downloader. Someone or some group has gone to great trouble to rewrite the exploit and personalise it to the FreeTibet.org and SaveTibet.org websites. ScanSafe threat detection technology found an invisible iFrame which re-directs innocent visitors to a malware-infected site which we have tracked to servers hosted in Taiwan. Given the recent events in Tibet and the protests around the forthcoming Olympics and the Olympic Torch Run, there may be certain groups that are particularly keen to monitor or disrupt activities of pro-Tibet interests.”

“Given the world’s attention on relations between China and Tibet ahead of the Olympics, it makes sense that these sites would be targeted as web surfers go online to learn more about Tibet and Tibetan independence. We recommend web surfers take extreme caution and that all websites review their security policies in the light of these latest developments.”