Malware writers cash in on Olympics

By

A video file laced with a malicious rootkit is the latest attempt by hackers to cash in on the Beijing Olympics..


The video appears to be a simple protest cartoon packaged in an executable file. But the 'Race for Tibet' movie also contains a piece of key-logging malware that installs itself as a driver.

The cartoon shows a Chinese gymnast performing in an event along with images from the recent riots and government crackdowns in Tibet. The user is then urged to join a 'race for Tibet' protest.

McAfee researcher Patrick Comiotto warned that the movie initially infects the user with a malicious driver. The file is installed in the '%windir%/system32/' driver folder under the name 'dopydwi.sys'.

The file then proceeds to create a .dll file that logs keystrokes which are later uploaded to a server in China.

The cartoon is the latest in a series of attacks that have tried to take advantage of the recent events in Tibet and the upcoming Olympic games in Beijing.

Malware-laden fake petitions and press releases were sent out to pro-Tibet groups in early March following initial rioting in the region.

By last week, the Trojan involved in those attacks was linked to a larger series of SQL website attacks.

Piggybacking on current events has become a common social-engineering tactic for malware distributors.

Events ranging from the Virginia Tech shootings to the execution of Saddam Hussein have been exploited by hackers to infect unwitting users.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack

Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Log In

  |  Forgot your password?