Take Care! Surveillance!

Don’t open any PDF documents attached to e-mails! Especially if they appear to have been sent to you by the Unrepresented Nations and Peoples Organization (UNPO). Most probably that is not the real origin! As reported by F-Secure, the PDF document drops a file called winkey.exe to C:\Program Files\Update\ and later executes it. Despite the fact that it is placed under „Update“, it is not something you would want to have on your PC, for it is a keylogger. Well… that’s nothing new – thousands of infected mails drop by at every mail provider – this one, though, is a speciality: it is directly aimed at pro-Tibetan groups and organisations! The PDF document is a statement of solidarity with the Tibetans:

„UNPO condemns the draconian Chinese response that has led to substantial loss of life and countless detentions and beatings, and calls upon the Chinese authorities at all levels to enter into a constructive dialogue designed to end the violence and promote a return to peace within Tibet as soon as possible“

And since every keylogger needs a server, guess where the server is located! Damn right: in China!!! xsz.8800.org. This server is already quite well known to internet security specialists: „8800.org is a Chinese DNS-bouncer system that, while not rogue by itself, has been used over and over again in various targeted attacks.“ (F-Secure)

And that’s not it! There are many more of these attacks going on right now! All of them have in common that the sender address is spoofed to look like a trusted party and that they all have an infected file attached that has something to do with the pro-Tibetan cause.

I do not know if this is the doing of (recently growing) Chinese intelligence services, some other politically/economically driven party or rogue black-hat hackers (the latter seems quite unlikely, though). I guess the Chinese government wouldn’t hinder anyone doing just this kind of stuff. The fact that this is actually happening should be enough to cause an international outcry!

There is another thing that really concerns me: the Russian Business Network (RBN), one of the worst areas of the Internet in terms of cybercrime, recently shut down its servers / lost connection to the rest of the internet. While there have been reports suggesting the RBN re-opened its doors, RBN-like structures are arising on Chinese ground – perhaps even financed by the RBN. At the same time, the Chinese government recently decided to form a military cyber-unit, and international governmental agencies see themselves confronted with acts of Chinese reconnaissance and sometimes even attacks. Of course, these are not directly traceable to the Chinese government, still… Many security specialists believe that China is kind of seeking worldwide cyber-dominance. All this suggests that China does have the resources to stop those RBN derivatives, but nothing seems to happen! What does this mean? Probably China even likes the RBN gaining a foothold in China, so they can pretend to be rogue hackers while attacking… let’s say the German Reichstag (as already happened, if I’m not mistaken). Of course, this is all a hypothesis, nothing real! But consider yourself warned: secure your computer! Hard times are to come!

Whoever it is, they are trying to spy on pro-Tibetan groups and individuals. So if you get an unrequested mail from any party with any kind of attachment: double-check that the file is clean with antivirus software and by sending a mail (do not use the reply function, but a known mail address) asking whether this mail really originates from the specified sender! Furthermore: inform other pro-Tibetan individuals/groups of this new threat.
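One way to apply the two checks above on an incoming mail before anything is opened (does the visible sender agree with the envelope sender, and does the mail carry a PDF or executable attachment) is a small triage script. This is an added example, not code from the original post or from F-Secure; the message it parses is a constructed sample with placeholder addresses, and a From/Return-Path mismatch is only a heuristic that should trigger the out-of-band verification described above, not proof of spoofing.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample mail modelled on the campaign described in the post:
# the visible From claims a placeholder UNPO-like domain, the envelope
# sender (Return-Path) points somewhere else, and a PDF is attached.
SAMPLE_MAIL = b"""\
Return-Path: <bounce@relay.example.invalid>
From: UNPO <info@unpo.example>
To: tibet-group@example.org
Subject: UNPO statement on Tibet
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please find our statement attached.
--XX
Content-Type: application/pdf; name="UNPO_statement.pdf"
Content-Disposition: attachment; filename="UNPO_statement.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XX--
"""

# Attachment types that should never be opened without verification.
RISKY_EXTENSIONS = (".pdf", ".exe", ".scr")

def domain_of(addr):
    """Return the lower-cased domain part of an e-mail address, or ''."""
    _, bare = parseaddr(str(addr or ""))
    return bare.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of warning strings for a raw RFC 5322 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    warnings = []
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    # Header From and envelope sender disagreeing is the usual trace of a
    # spoofed trusted sender; confirm with the claimed sender out of band.
    if envelope_dom and envelope_dom != from_dom:
        warnings.append(f"sender mismatch: From={from_dom} Return-Path={envelope_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            warnings.append(f"risky attachment: {name} ({part.get_content_type()})")
    return warnings

if __name__ == "__main__":
    for w in triage(SAMPLE_MAIL):
        print("WARNING:", w)
```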

  1. Oh, yes! And one more thing: http://boycottolympia.com/index.php
