Malware vendors have been sending various pro-Tibet groups email messages which contain malicious attachments.
The emails purport to come from 'The Unrepresented Nations and Peoples Organization'. However, researchers warn that the address appears to be forged.
The body of the email includes a short statement praising the group and condemning the attacks.
The malware itself is contained in an attachment disguised as an official statement, photos of the rioting, or a research presentation on the events in Tibet.
The attachments are actually Trojans which serve up a key-logger designed to evade detection from security applications.
"Groups working for the freedom of Tibet all over the world have been targeted," said security firm F-Secure.
"These emails have been sent to mailing lists, private forums and directly to persons working inside pro-Tibet groups. Some individuals have received targeted attacks like this several times a month.
"The emails are almost always forged to look like they come from trusted persons or organisations, making it more likely that they will be opened by the recipient."
Sans researcher Maarten Van Horenbeeck said in a blog posting that the attacks are not limited to various Tibetan support groups.
"They have been reported dating back to 2002 and have affected several other communities, including Falun Gong and the Uyghurs," he wrote.
Malware writers target pro-Tibet groups
By Shaun Nichols on Mar 26, 2008 7:00AM