
Alienvault's report on targeted attacks on Tibetan NGOs is being used to deliver malware to ... Tibetan NGOs.

Greg Walton
posted this on March 19, 2012 18:59

Alienvault's recent report on targeted attacks on Tibetan NGOs is being used to deliver malware to ... Tibetan NGOs.

 

---------- Forwarded message ----------
From: webmaster <admin@alienvault.com>
Date: Mon, Mar 19, 2012 at 8:20 AM
Subject: Targeted attacks against Tibet organizations
To: ......


We recently detected several targeted attacks against Tibetan activist organizations including the Central Tibet Administration and International Campaign for Tibet, among others.
 
Here is one of the mails detected:
 
 
[ More information ]  
The link to [ More information ] in the body of the email connects to hxxp://dns.assyra.com/

This then drops /default.jar, which exploits CVE-2011-3544.


The Command & Control server is tibet.zyns.com:8080 (100.42.217.73)
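
To see which clients followed the chain above (landing page, /default.jar, C2 on port 8080), a defender can correlate the three indicators per client in web proxy logs. This is an added example, not part of the original post; the log layout and sample lines are constructed, and serving /default.jar from dns.assyra.com is an assumption.

```python
import re
from collections import defaultdict

# Indicators as given on the page; the jar is assumed to sit on the landing host.
LANDING_HOST, EXPLOIT_PATH = "dns.assyra.com", "/default.jar"
C2_HOSTS, C2_PORT = {"tibet.zyns.com", "100.42.217.73"}, "8080"
URL_RE = re.compile(r"^(?:[a-z]+://)?([^/:]+)(?::(\d+))?(/.*)?$", re.I)

def refang(text):
    """Undo common defanging (hxxp, [.]) so indicators compare equal."""
    return text.replace("hxxp", "http").replace("[.]", ".")

def classify(url):
    """Map a URL or CONNECT host:port to a stage of the chain, else None."""
    m = URL_RE.match(refang(url))
    if not m:
        return None
    host, port, path = m.group(1).lower(), m.group(2), m.group(3) or "/"
    if host in C2_HOSTS and port == C2_PORT:
        return "c2"
    if host == LANDING_HOST:
        return "exploit" if path.split("?")[0] == EXPLOIT_PATH else "landing"
    return None

def correlate(lines):
    """Return {client: stages in first-seen order}; assumed layout is
    "<time> <client> <method> <url>" (hypothetical proxy log format)."""
    seen = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        stage = classify(fields[3])
        if stage and stage not in seen[fields[1]]:
            seen[fields[1]].append(stage)
    return dict(seen)

def verdict(stages):
    """Worst stage reached: a C2 connection outranks delivery, then a click."""
    return next((s for s in ("c2", "exploit", "landing") if s in stages), None)

# Constructed log lines, not real traffic.
SAMPLE_LOG = [
    "2012-03-19T08:31:02 10.0.0.5 GET http://dns.assyra.com/",
    "2012-03-19T08:31:04 10.0.0.5 GET http://dns.assyra.com/default.jar",
    "2012-03-19T08:31:09 10.0.0.5 CONNECT tibet.zyns.com:8080",
    "2012-03-19T08:40:00 10.0.0.7 GET hxxp://dns.assyra.com/",
    "2012-03-19T08:41:00 10.0.0.9 GET http://example.org/default.jar",
]
```

A client whose verdict is "c2" reached all the way to the Command & Control server and should be triaged first; "landing" alone means the link was opened but no jar request was logged.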


Scumware also has a report.