Communist Hackers Build Botnet to Attack Vietnamese Dissidents

A new trojan, created by a group of hackers sympathizing with the Vietnamese Communist Party, was specifically built to attack dissident websites and bloggers.

The malware, which has been dubbed Vecebot by Atlanta-based security vendor SecureWorks, was created and released on around October 13.

The trojan drops several files called wuauclt.exe, wuauserv.dll and UsrClass.ini in the "%ProgramFiles%\Common Files\Windows Update Components" folder and installs itself as a service called Windows Update Components.

The configuration file is downloaded from remote servers and defines parameters for HTTP DDoS against websites used by Vietnamese anti-establishment bloggers and civil rights activists.

The list of targets includes x-cafevn.org, a popular dissident community website, which commonly criticizes the actions of the Vietnamese Communist Party.

In addition to DDoS attacks, the server hosting x-cafevn.org and the administrator's computer were broken into. The hackers stole private emails and the forum's member database and publishing it online.

The Vecebot botnet is believed to be comprised of between 10,000 and 20,000 infected computers at the moment, the majority of which are located in Vietnam.

It's likely that this new trojan is related to a different botnet called Vulcanbot, which targeted Vietnamese dissidents earlier this year.

"Vecebot may be a continuation of the Vulcanbot attacks, and it is possible that the same group has deployed this new trojan to continue those attacks," security researchers from SecureWorks, write.

"There is [...] some evidence that the attacks may have been perpetrated by a pro-communist hacking group," they add.

It is also interesting that this trojan was released a week before the expected release from prison of a dissident blogger known as Dieu Cay, on October 19.

He served a 30-month prison sentence for tax evasion, which many believe to have been an excuse to punish him for his anti-establishment opinion.

Dieu Cay, or Nguyen Van Hai by his real name, was not released as expected and there is information according to which authorities are detaining him on new charges of "propaganda against the state."