
China movies cause chaos


Johannesburg, 16 Apr 2008

McAfee Avert Labs has discovered a file that appears to be a cartoon movie that ridicules the effort of a Chinese gymnast at the games, followed by images supporting a free Tibet.

But the cartoon does more than protest against China, says McAfee researcher Patrick Comiotto. "While the movie runs, a keystroke logging tool is installed onto the user's Windows PC and hidden by a rootkit, making it harder to detect and remove."

Comiotto explains that this is a pro-Tibet rootkit. "What looks like a simple Flash movie actually silently drops a number of files onto your PC and then hides those files."

According to Comiotto, the malicious cartoon is distributed as an e-mail attachment called "RaceForTibet.exe". He says information captured by the keystroke logger is transmitted to a computer that appears to be located in China, and that the malware affects Windows PCs only.

Discovery of the keystroke logger with a rootkit comes days after McAfee Avert Labs warned of pro-Tibet Web sites being modified by attackers to host malicious software, he says. "The 'Fribet' Trojan horse was placed on hacked Web sites and subsequently loaded onto the PCs through a Windows vulnerability unbeknownst to Web surfers."

According to Dave Marcus, security research and communications manager at McAfee Avert Labs: "Cyber-crooks are increasingly taking advantage of the high general interest in the Olympic Games to trick people into giving up personal information or to load malware onto their PCs. If you want to watch the Olympic Games, it is better not to do it by opening a file that appears to be a movie that comes in e-mail."
