F-Secure, AlienVault and Kaspersky experts have analyzed the attacks

Mar 14, 2013 16:29 GMT

Security researchers from Kaspersky and AlienVault have analyzed the latest series of attacks directed at Tibetan and Uyghur activists.

The cybercriminals are spreading a relatively new piece of malware, ItaDuke, by exploiting the latest Adobe Reader vulnerability, the one patched by Adobe in February.

The attacks start with apparently innocent PDF documents that hide an exploit detected by Kaspersky as Exploit.JS.Pdfka.gjc. The exploit code contains some evasion mechanisms to ensure it’s not detected easily by antivirus software.

Experts believe that the synchronized attacks against both Tibetan and Uyghur activists might have something to do with the human rights conference that took place a few days ago in Geneva.

It appears the PDF exploit is not the only one used against Uyghur and Tibetan activists. F-Secure experts have identified compromised websites that push malware onto visitors’ computers by exploiting a Flash vulnerability.

Technical details of the campaigns are available from Kaspersky, AlienVault, and F-Secure.