Security firms Kaspersky and AlienVault have teamed up to analyze an interesting spear phishing campaign that’s aimed at Uyghur users. Attacks against this community are not uncommon, but it appears that cybercriminals are not willing to give up just yet.
The attackers rely on maliciously crafted Microsoft Word documents which exploit a vulnerability that affects Microsoft Office for Mac. The security hole in question was addressed by Microsoft in the summer of 2009, but it appears it can still be used successfully in targeted attacks.
The documents are entitled something like this:
- WUC Hacking Emails.doc
- Concerns over Uyghur People.doc
- Jenwediki yighingha iltimas qilish Jediwili.doc
- Press Release on Commemorat the Day of Mourning.doc
- The Universal Declaration of Human Rights and the Unrecognized Population Groups.doc
- Deported Uyghurs.doc
- Kadeer Logistics detail.doc
Besides the fact that they all appear to cover topics of major importance to the Uyghur community, they have another thing in common. The author is always “captain,” a name utilized in previous attacks as well.
When these documents are opened, the exploit is triggered and several files are dropped into the /tmp/ folder. A legitimate document is opened to avoid raising suspicion but, in the background, the Trojan steps into play.
Kaspersky makes some important recommendations on how users can protect themselves against such attacks.
First of all, they recommend the use of Gmail, since Google’s mail service offers some additional mechanisms against targeted attacks, including the “nation state sponsored attacks” warnings we’re familiar with.
Experts also advise internauts to use Google Chrome for browsing the web. Google’s browser is more resilient to cyberattacks than other products.
When receiving suspicious-looking emails from friends, ask them if they’re really the ones who have sent them before opening their attachments or clicking on the links they contain.
Finally, the age-old advice: install security software onto your computer (even if it’s a Mac), and make sure that all the pieces of software that run on the device are up-to-date.