Wednesday, January 30, 2008 10:08 AM
cmosby
Trojanized .DOC Files in Targeted Attack | TrendLabs | Malware Blog - by Trend Micro
es and news headlines:
- Free Tibet Olympics Protest on Mount Everest.doc
- CHINA’S OLYMPIC TORCH OUT OF TIBET 1.doc
- 2007-07 DRAFT Tibetan MP London schedule.doc
- DIRECTORY OF TIBET SUPPORT GROUPS IN INDIA.doc
- Disapppeared in Tibet.doc
These files are detected, respectively, as the following:
- TROJ_MDROPPER.GJ
- TROJ_MDROPPER.GI
- TROJ_MDROPPER.GK
- TROJ_MDROPPER.GG
- TROJ_MDROPPER.GH
- TROJ_MDROPPER.TG
- TROJ_MDROPPER.TG
The following is a sample screenshot of the Trojanized document file:

This social engineering technique has been seen before. In October, a Trojan detected as TROJ_MDROPPER.WI also rode on the newsworthiness of the monk-led protests in Myanmar by arriving as an attachment to spam that purported to be a message of support from the Dalai Lama to the monks. The technique is also a familiar one from WORM_NUWAR’s book: leveraging headline-grabbing events to facilitate its propagation.
(Thanks to Maarten of ISC for the heads-up.)
Source: Trojanized .DOC Files in Targeted Attack | TrendLabs | Malware Blog - by Trend Micro