Sneaky.
I left my job as a journalist in Australia and am not here on a journalist visa. I have no reason to be; I am working as a teacher.
But, I still have access to my work email in Australia. Oddly enough I got a few Chinglish emails with attachments. Even more bizarrely, one is from a woman called Pam.
Here's a great idea. We don't want bad publicity so let's do sneaky things to the people who are responsible for our coverage in the foreign media.
[010] Targeted Malware Attack on Foreign Correspondent's Based in China (09/28/2009)
Targeted Malware Attack on Foreign Correspondent's based in China
By Nart Villeneuve (nart.villeneuve@utoronto.ca) and Greg Walton (g.walton@secdev.ca) | Sept. 26, 2009.
Overview
There have been recent reports of malware attacks on journalists based in China. The attacks specifically targeted Chinese employees working for media organizations, including Reuters, the Straits Times, Dow Jones, Agence France Presse, and Ansa. These employees received an email from "Pam <pam.bourdon@yahoo.com>" who claimed to be an editor with the Straits Times, that came with a PDF attachment that contains malware. When opened, malicious code in the PDF exploits the Adobe Reader program and drops the malware on the target’s computer.
These attacks correlate with reports of increased security measures within China as a result of the 60th anniversary of the founding of the People's Republic of China.[2] These increased security measures have also been extended to the Internet, with providers of anti-censorship technology reporting increased levels of blocking that prevents people from accessing the web sites of foreign media and news organizations.
This short briefing from the Malware Lab and the Information Warfare Monitor analyzes a sample from one of the attacks on behalf of an international news agency that operates in China, and a member of the Foreign Correspondents Club in Beijing.
Key Findings:
* The content of the email, and the accompanying malicious attachment, are in well-written English and contain accurate information. The email details a reporter’s proposed trip to China to write a story on China's place in the global economy; all the contacts in the malicious attachment are real people that are knowledgeable about or have a professional interest in China's economy.
* The domain names used as “command & control” servers for the malware have been used in previous targeted attacks dating back to 2007. The malware domain names, as in previously documented cases, only resolve to real IP addresses for short periods of time.
* The malware exploits vulnerabilities in the Adobe PDF Reader, and its behaviour matches that of malware used in previous attacks dating back to 2008. This malware was found on computers at the Offices of T in London, and has used political themes in malware attachments in the past.
* The IP addresses currently used by the malware are assigned to Taiwan. One of the servers is located at the National Central University of Taiwan, and is a server to which students and faculty connect to download anti-virus software. The second is an IP address assigned to the Taiwan Academic Network. These compromised servers present a severe security problem as the attackers may have substituted their malware for anti-virus software used by students, employees, and faculty at the National Central University.
Read more here -
http://www.zonaeuropa.com/200909c.brief.htm#010
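
The briefing's finding that the command & control domain names "only resolve to real IP addresses for short periods of time" is something a defender can look for in passive-DNS history. The following is an added example, not code from the briefing or its authors: the observations, domain names and the 5% threshold are constructed, and treating loopback, unspecified and RFC 1918 answers as "parked" is an assumption, since the briefing does not say where the domains pointed while inactive.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Answers treated as "parked" (assumption, see lead-in).
PARKED = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed passive-DNS observations: (time seen, domain, A record).
OBSERVATIONS = [
    ("2009-09-01T00:00", "update.example.test", "127.0.0.1"),
    ("2009-09-10T08:00", "update.example.test", "203.0.113.10"),
    ("2009-09-10T14:00", "update.example.test", "127.0.0.1"),
    ("2009-09-24T09:00", "update.example.test", "203.0.113.77"),
    ("2009-09-24T12:00", "update.example.test", "127.0.0.1"),
    ("2009-09-30T00:00", "update.example.test", "127.0.0.1"),
    ("2009-09-01T00:00", "www.example.org", "198.51.100.5"),
    ("2009-09-30T00:00", "www.example.org", "198.51.100.5"),
]

def is_parked(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PARKED)

def live_windows(observations):
    """Per domain: (hours resolving to a non-parked IP, total hours observed)."""
    by_domain = defaultdict(list)
    for ts, domain, ip in observations:
        by_domain[domain].append((datetime.fromisoformat(ts), ip))
    result = {}
    for domain, rows in by_domain.items():
        rows.sort()
        live = total = 0.0
        # Each answer is assumed to hold until the next observation.
        for (t0, ip), (t1, _) in zip(rows, rows[1:]):
            hours = (t1 - t0).total_seconds() / 3600
            total += hours
            if not is_parked(ip):
                live += hours
        result[domain] = (live, total)
    return result

def briefly_live(observations, max_live_fraction=0.05):
    """Domains that were live at some point, but only for a small share of the time."""
    return sorted(d for d, (live, total) in live_windows(observations).items()
                  if total and 0 < live / total <= max_live_fraction)

if __name__ == "__main__":
    print(briefly_live(OBSERVATIONS))
```

Hosts that queried a flagged domain during one of its short live windows are the ones worth examining first.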