PC Security: Pro-tibet movie scams and rigged websites

McAfee Avert labs has discovered that cyber-criminals are using Pro-Tibet movies to infect users of Windows PCs.

The movie files claim to show a cartoon that ridicules the effort of a Chinese gymnast at the Olympic games followed by images supporting a free Tibet. However, while the movie runs a Keystroke Logging tool is installed onto the user’s PC – which is also hidden by a Rootkit, making it harder to detect and remove.

McAfee Researcher, Patrick Comiotto, said:

“This is a pro-Tibet Rootkit. What looks like a simple Flash movie actually silently drops a number of files onto your PC and then hides those files.”

Please see the following link to the Avert Labs blog which provides more technical information and screenshots:

http://www.avertlabs.com/research/blog/index.php/2008/04/14/is-malware-writing-the-next-olympic-event/

This is the second time in a week miscreants have taken advantage of the Olympics – just days ago McAfee discovered that pro-Tibet websites were being modified by attackers to host malicious software.

The “Fribet” Trojan horse was placed on hacked Web sites and subsequently loaded onto the PCs through a Windows vulnerability: http://www.avertlabs.com/research/blog/index.php/2008/04/10/friebet-attacking-your-backend-database-from-your-backyard/

Dave Marcus, security research and communications manager at McAfee Avert Labs, said:

“Cybercrooks are increasingly taking advantage of the high general interest in the Olympic Games to trick people into giving up personal information or to load malware onto their PCs. If you want to watch the Olympic Games it is better not to do it by opening a file that appears to be a movie that comes in e-mail.”