Pro-Tibet rootkit Trojan poses as cartoon

Malware writers have passed the baton in the race to take advantage of the Olympics with the second attempt to load malware onto PCs in a week. A movie file circulating on the net that poses as a cartoon ridiculing the effort of a Chinese gymnast at the games, followed by images supporting a free Tibet, has been booby-trapped …

COMMENTS

This topic is closed for new posts.
  1. Dirk Vandenheuvel

    Exe?

    I thought people stopped opening email/internet exes 15 years ago?

  2. Nick Pettefar

    It is impossible

    to overestimate the ability of an average Windows user to get themselves into trouble.

  3. Mat

    Here we go again...

    <beavis and butthead>

    Huh huh huh..... Windoze lusers... huh huh huh.... stupid... huh huh huh...

    </beavis and butthead>

    FFS.

  4. Anonymous Coward
    Coat

    Re: Exe

    And I thought China was decent...

  5. Danny
    IT Angle

    executables

    Anyone stupid enough to open such executables deserves a virus; too bad normal, responsible users will also be affected by it in the long run.

  6. Anonymous Coward
    Anonymous Coward

    *sigh*

    *bigger sigh*

  7. Rob Dobs
    Flame

    Ominous

    A previous rootkit that is an obvious attempt to collect names and information on Tibetan freedom fighters (or "terrorists" if you ask China) from user databases, and now this, another virus intended to keylog a target audience who is sympathetic to Tibet or anti-Chinese government. When will the world at large wake up and realize that China as a government is funding cyberterrorism?!? Everyone is quick to point out the obvious, that Windows users shouldn't click on .exe's (duh!), but doesn't anyone see the big-brother scary aspect and the damage that a government-funded agency can do when supporting illegal activity? (This has to be in violation of several peace treaties, and I see it as a hostile act of war.) Where is the US / UK government? Oh yeah, at the trough with the rest of the pigs, sucking up the proceeds of Chinese slave labor!!!!! Ugghh!!!

    So who out there is willing to support an access ban on China?

    Block them via BGP at the AS level; then you no longer have to worry about payloads being sent back to foreign countries where no sane law applies. While we're at it, why don't we throw in Russia, Israel and a few other countries that don't feel like playing by the rules. Then we could move on to blocking ISPs and companies with poor security policies.

    Then on to the individual operators who have shoddy policies. HA! Now we're safe... oh, wait a minute..... why can't I reach anything anymore?

    Hmm, maybe just China and Russia then. Sure, they can proxy and get around it, but it would make it harder for them to home stolen payloads, since they have to send their stolen data to a compromised machine in a country outside their military control. Plus it costs me nothing, and just maybe these extra stepping stones they have to cross to get here allow more chances for detection and response.

    (another big sigh)

  8. Gordon Fecyk
    Stop

    "Web War Two: Attack of the Clowns"

    For those not keeping count: "Web War One" was the Estonia / NATO conflict.

    http://www.wired.com/politics/security/magazine/15-09/ff_estonia

    Attached EXEs were addressed, what, four versions of Outlook ago, one version of Outlook Express ago, and are banned summarily by any ISP with a clue these days. To open this in an e-mail would require a seven year old version of Outlook or Outlook Express and a nine year old version of Windows, and that's after you deliberately turn off the safeties.

    I've been waiting seven years for a full on virus war... bring it on so we can predict the death of the Internet. Maybe it'll finally wake folks up to how popular anti-virus software fails to do its job. And, let's not forget that McAfee supplies viruses to China, so we can thank our private security guards for this one.

    http://www.theregister.co.uk/2001/04/03/chinese_feds_demand_computer_virus/

  9. crayon
    Unhappy

    @ Ominous

    "where is the US / UK government?"

    Too busy having fun with Echelon.

  10. Svein Skogen
    Joke

    If it logs to a known server

    Couldn't we solve this in a more responsible manner? I'm fairly sure network admins worldwide wouldn't mind redirecting all the RFC 1918 traffic passing misconfigured NAT setups towards that IP. If it still answers to anything after that, we can redirect all the other martian packets there. Think of it as an IP packet recycler.

    Now, can we _PLEASE_ have the IP for that server they want traffic to?

    //Svein

  11. Andy Gates
    Pirate

    Sighfest

    WW1 was one grumpy Russian, not a government attack. He was sentenced and everything. Do try to keep up.

    As for blaming China, that's not *nearly* sneaky enough. This could just as easily be a setup to make China look like villains; there are many axes to grind here. Block off national comms because of one script-kiddy's unsourced, unverified trojan? Get real.

    Users will always click on cool-looking stuff. Sigh all you like, that won't stop it happening.

  12. Ishkandar

    @Andy Gates

    That's the typical retarded, knee-jerk reaction of the ban-everything brigade!!

    Who cares about facts!! You are guilty until proven innocent!! Kill them all and let God sort out the good ones!!

    And they have the cheek to point fingers at the Taliban!!

    Perhaps this is *exactly* what those malware producers were after!! Retards with knee-jerk reactions!!

  13. Rob Dobs
    Flame

    sigfest

    "He was sentenced and everything. Do try to keep up."

    Sorry, I thought there were dozens of reports of viruses and trojans that had their payload deposited to either China or Russia. I wasn't aware that they had caught and sentenced them all.

    Seriously though, the problem I was raising is that these governments at the very best are refusing to do anything about serious criminals within their boundaries. More realistically, the government opposition and political enemy targets that keep being the focus of this malware, on top of the relative level of sophistication, make me skeptical that this is anything other than government-sponsored cyber warfare.

    Too often these IP addresses route to state-sponsored or state-owned businesses, and the governments are moronically evasive and unresponsive to complaints and inquiries.

    One virus that fingered either country and I would say "get real"; dozens of incidents over a decade is a serious trend.

    Using Chinese government address space from a region in China, and then getting China to protect your efforts: that's a really powerful script kiddy for you.

    Some of these cost the western world a good bit of expense. I sure hope they leaned on local authorities to do something, but nothing happened.

    Of course Russia will arrest one dumb rogue virus writer; not only is he breaking the law, but he's causing the state undue attention :-)

    This is only going to get worse until our legislatures in the western world understand the problem better.

  14. lglethal
    Coat

    Make the Great Firewall of China work both ways

    and I have no doubt a hell of a lot of this stuff would stop (or at the least be offline for the few weeks it takes to set up a new host in Russia/Eastern Europe).

    Additionally, somehow it just feels right to me that if one nation's government is going to block all incoming traffic that they don't like, then we should block all outgoing traffic we don't like. Of course the Chinese already have a system in place to check all data entering China, so until we get to that same place perhaps we should just block all data exiting China?

    What do you think? Good idea? Bad idea?

  15. Rob Dobs
    Thumb Up

    Good idea but,

    it might be hard to get the govt to go along with the idea.

    Great thing about access lists and BGP blocking is you can do it at the individual/company/ISP level. Rogue hackers would relocate, but the threat of governments hiding out in their own countries and protecting illegal activities could be addressed.
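The prefix-level blocking that comments 7 and 15 argue about is, mechanically, an access list or a set of null routes built from a list of network prefixes. The following is an added example, not code from any commenter or from the article: it takes a constructed list of prefixes (RFC 5737 documentation ranges, standing in for whatever an operator would pull from a routing registry; they are not attributed here to any country or AS), collapses overlapping and adjacent entries so the resulting ACL is as short as possible, renders the result as Linux blackhole routes and Cisco-style Null0 statics (both real syntax), and offers a lookup so a log line's source address can be checked against the list. Note the caveat the thread itself raises: this blocks address space, not actors, and does nothing against a proxy or a compromised host outside the listed prefixes.

```python
import ipaddress
from itertools import groupby

# Constructed sample input: RFC 5737 documentation prefixes only.
# They carry no real attribution to any network, country or AS.
SAMPLE_PREFIXES = [
    "203.0.113.0/24",
    "203.0.113.0/25",       # already covered by the /24 above -> dropped
    "198.51.100.0/25",
    "198.51.100.128/25",    # adjacent halves -> merged into one /24
    "192.0.2.16/28",
]


def aggregate_prefixes(prefixes):
    """Collapse overlapping/adjacent prefixes into the minimal covering set.

    collapse_addresses() refuses to mix IPv4 and IPv6, so the input is
    grouped by version first; output is sorted within each family.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    nets.sort(key=lambda n: (n.version, n))
    out = []
    for _, group in groupby(nets, key=lambda n: n.version):
        out.extend(str(n) for n in ipaddress.collapse_addresses(list(group)))
    return out


def is_blocked(ip, prefixes):
    """True if `ip` falls inside any listed prefix (e.g. a log line's source)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p, strict=False) for p in prefixes)


def render_linux_blackholes(prefixes):
    """`ip route add blackhole <prefix>` lines for a Linux border box."""
    return [f"ip route add blackhole {p}" for p in aggregate_prefixes(prefixes)]


def render_cisco_null_routes(prefixes):
    """Cisco IOS-style static routes to Null0 (IPv4 only in this renderer)."""
    lines = []
    for p in aggregate_prefixes(prefixes):
        n = ipaddress.ip_network(p)
        if n.version == 4:
            lines.append(f"ip route {n.network_address} {n.netmask} Null0")
    return lines


if __name__ == "__main__":
    print("\n".join(render_linux_blackholes(SAMPLE_PREFIXES)))
    print("\n".join(render_cisco_null_routes(SAMPLE_PREFIXES)))
    # A constructed "beacon" source address, checked against the list:
    print("198.51.100.200 blocked:", is_blocked("198.51.100.200", SAMPLE_PREFIXES))
```

Five input entries collapse to three routes. In practice the prefix list would be regenerated on a schedule from a routing registry or BGP feed, because address space moves between operators; a stale list both leaks traffic and blocks innocent parties.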
