
Defense in Depth

April 23, 2008 11:12 AM PDT

At least 13 Olympics-theme Trojan horses seen (so far)

by Robert Vamosi

Once again, criminal hackers are targeting a worldwide event to deposit their malicious software on victims' PCs, according to one security vendor.

Within the last six months, MessageLabs has found at least 13 new Trojan horse programs associated with e-mails bearing subjects such as "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents."

The problem is, according to a MessageLabs representative, that the hackers' e-mail messages employ an embedded Microsoft Office database file within the zipped attachment. Microsoft said in a recent security advisory that customers not running Windows Vista or Windows Server 2003 are vulnerable to allowing remote attackers to gain full access to a compromised machine.

Once the malicious code is installed, an attacker could steal personal data. MessageLabs further predicts that malicious-code writers will change formats by using a 1-byte XOR key, multiple XOR keys, and ROR, ROL, ADD, and SUB formats.
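For defenders triaging such attachments, the sketch below is an added example (not code from MessageLabs or from this post) that brute-forces the single-byte XOR, ADD/SUB, and ROL/ROR transforms named above and reports where an encoded Windows executable header would sit. It assumes the hidden payload carries the standard DOS-stub text and does not cover multiple-key XOR; the sample bytes are constructed.

```python
# Added example: brute-force single-byte decoders over an attachment's bytes.
MARKER = b"This program cannot be run in DOS mode"  # text in the PE DOS stub

def rol(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def decode_tables():
    """Yield (encoding name, 256-byte table that undoes it), skipping duplicates."""
    seen = set()
    candidates = [("plain", bytes(range(256)))]
    for k in range(1, 256):
        candidates.append((f"xor 0x{k:02x}", bytes(b ^ k for b in range(256))))
        # SUB k is the same as ADD (256 - k), so ADD covers both.
        candidates.append((f"add 0x{k:02x}", bytes((b - k) & 0xFF for b in range(256))))
    for n in range(1, 8):
        # ROR n is the same as ROL (8 - n); undo ROL n by rotating left 8 - n.
        candidates.append((f"rol {n}", bytes(rol(b, 8 - n) for b in range(256))))
    for name, table in candidates:
        if table not in seen:
            seen.add(table)
            yield name, table

def find_hidden_pe(data):
    """Return [(encoding, offset of 'MZ')] for every encoded DOS stub found."""
    hits = []
    for name, table in decode_tables():
        decoded = data.translate(table)
        pos = decoded.find(MARKER)
        while pos != -1:
            mz = decoded.rfind(b"MZ", max(0, pos - 0x100), pos)
            if mz != -1:
                hits.append((name, mz))
            pos = decoded.find(MARKER, pos + 1)
    return hits

# Constructed sample: a minimal fake DOS stub, not a real executable.
STUB = b"MZ" + bytes(76) + MARKER + b".\r\r\n$"

def embed(encode):
    """Hide the encoded stub at offset 64 inside filler bytes."""
    return bytes(64) + bytes(encode(b) for b in STUB) + bytes(32)

if __name__ == "__main__":
    print(find_hidden_pe(embed(lambda b: b ^ 0x5A)))
```

A hit on any non-"plain" encoding inside a document or database attachment is a strong reason to quarantine the message and extract the decoded payload for analysis.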

The e-mails, however, are not random. MessageLabs says the Trojan horses are often targeted to individuals within a specific organization in an attempt to gain access to the corporate network. This practice is known as "spear phishing."

So far, such attacks appear to be a corporate threat, as opposed to an individual threat.

Research from MessageLabs shows that while the e-mails state that they come from the International Olympic Committee in Switzerland, most have IP addresses based in Asia.

April 23, 2008 10:36 AM PDT

Inside two toolkits helping Chinese hackers

by Robert Vamosi

Two toolkits designed to help ordinary people participate in denial-of-service attacks against Western media have surfaced on the Internet, according to one researcher.

In a blog post Tuesday, Jose Nazario of Arbor Networks says one of the toolkits is easier to use than the other, though both are designed for "the masses." This isn't new, and toolkits such as these have been created for other political protests in the past.

AntiCNN.exe was the first of the two tools found on the Internet. Nazario reports that it opens a flood of HTTP connections and attempts to hurt the servers with volume.

Sdos.exe is the second tool. According to Nazario, "This one lets you specify a target server and a port, uses a simple connect() loop for the TCP flood."

Nazario says there is a third toolkit out, but it includes a backdoor back to its authors and could be used for other purposes.

April 22, 2008 9:47 AM PDT

CNN.com survives random outages

by Robert Vamosi

Although CNN escaped a distributed denial-of-service (DDoS) attack planned for Saturday, the site has experienced either random outages or inflated response times over the last 72 hours, according to one Internet research company.

Netcraft reported Tuesday that during a three-hour period on Sunday morning, the CNN.com site was unavailable from its listening post in Pennsylvania. And on Monday, the site experienced inflated response times. CNN.com did suffer a minor DDoS last Thursday, but recovered by limiting access from certain geographic areas, mainly Asia.

Also on Tuesday, The Dark Visitor, a site that tracks Chinese hackers, said a downloadable tool is now available for those wanting to participate in future attacks. Over the weekend, The Dark Visitor reported on the structure in place for launching attacks on Western media. The individuals, loosely calling themselves "Revenge for the Flame" and "HackCNN" feel that Western media have not presented a balanced view in reporting on the protests in Tibet and the Olympic torch runs through major world cities.

For the most part, CNN appears to have avoided the brunt of the Chinese DDoS attacks.

That wasn't the case with The Sports Network. On Monday morning, the site (not affiliated with CNN) was down due to a "political entity in China." Blogger Christine Lu has screenshots of the message and the defaced Sports Network page (scroll down). The group HackCNN has claimed responsibility for The Sports Network attack.

April 18, 2008 10:29 AM PDT

Cyberprotests planned in support of China

by Robert Vamosi

Several groups of Internet organizers plan to show on Saturday that they can mobilize patriotic Chinese Internet users and wield their influence worldwide against what they say is anti-Chinese media in the Western world.

The Dark Visitor, a site that tracks the activities of Chinese computer hackers, is reporting that a distributed denial-of-service (DDoS) attack on CNN.com is planned for 8 p.m. Beijing time, or 5 a.m. PT in the United States.

But the organizers themselves (Google translated page) appear to be waffling, and Jose Nazario of Arbor Networks reports that there has been little preattack activity within the last 24 hours.

Calling their action the "Revenge of the Flame," a group of computer protesters in China appears to have learned from both last year's cyberattacks on Estonia and the more recent anonymous attacks on the Church of Scientology. But Revenge of the Flame organizers stress that their attacks will not be a crime.

"We want to be patriotic," one organizer wrote, arguing that they intend to link Chinese Internet users together against one target: CNN.com. Should the attack be successful, the Revenge of the Flame planners will then consider immediately dissolving the flame of revenge ("after all, cybercrime is cybercrime," says the organizer), continue to attract more users, and "enhance the people's awareness of network security."

In the real world, a separate, perhaps unrelated, group is planning (Google translated page) for simultaneous protests on Saturday in Berlin, Amsterdam, London, and Paris.

Meanwhile, yet another Internet site, Anti-CNN.com, claims that protests in favor of China have not been published fairly by Western media in Germany, France, Canada, and the United States.

A banner on Anti-CNN.com says (translated from the Chinese), "We are not against the Western media, but against the lies and fabricated stories in the media." The site includes example headlines from Der Spiegel, The Washington Post, and Fox News, in which it claims that photos of the police attacking the monks are Nepalese, not Tibetan.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
