As is often the case with high-profile news stories, malware authors are quick to theme the social engineering of their attacks accordingly. Today, SophosLabs received a submission of the following email message, which had an attached Word document:
Dear Friends & Colleagues, Please find enclosed a massage from His Holiness the Dalai Lama in support of the recent pro-democracy demonstrations taking place in Burma. This is for your information and can be distributed as you see fit.
Office of His Holiness the Dalai Lama
The attachment (filename: hhdl burma_001.doc) is a malicious Word document (proactively detected as Exp/1Table-B), crafted to exploit a vulnerability in Word in order to drop and run a malicious Trojan (proactively detected as Troj/Agent-GCU). The message also contained a link to the website of the Dalai Lama.
As ever, be alert for social engineering tricks used by malware authors, particularly those that are themed on topical, global news items.