14 DAY TRIAL // Security researchers from antivirus vendor BitDefender warn that the Nobel Peace Prize is being used as a lure in a targeted email attack in order to infect users with a backdoor.
The fake emails purport to come from the Vice President of Strategy of the Oslo Freedom Forum and try to pass themselves as invitations to the upcoming Nobel Peace Prize ceremony.
Bearing the title of "An invitation to the Nobel Prize ceremony of Liu Xiaobo" the rogue messages read:
"Dear Sir / Madame
I enclose a letter from Oslo Freedom Forum founder Thor Halvorssen inviting you to join him in Oslo for the Dec. 11th Prize ceremony. Let me know if you have any questions."
A malicious file called invitation.pdf, which attempts to exploit a security vulnerability in older versions of Adobe Reader, is attached to the email.
Successful exploitation results in a trojan being dropped on the system as svchost.exe. This malware further installs a backdoor under c:\windows\midimap.dll.
This attack uses DLL hijacking techniques and will cause applications using insecure library loading functions to favor the rogue midimap.dll from the Windows directory instead of the legit one located in system32.
Midimap.dll (Microsoft MIDI Mapper) is normally called by numerous programs that support audio event notifications and other alerts.
Another method used by the attackers to avoid raising suspicion involves opening a clean PDF document after exploitation occurs.
According to the BitDefender researchers, the backdoor sends information about the system to a remote server and gives attackers control over the infected computer.
This latest attack follows a compromise on the Nobel Peace Prize website late last month, which tried to infect visitors by exploiting a previously unknown Firefox vulnerability.
The decision to award the prize to imprisoned Chinese human rights activist Liu Xiaobo has already generated a lot of controversy, with the Chinese government formally complaining to the Norwegian ambassador about it.