Malware authors capitalise on Burmese demonstrations

As is often the case with high-profile news stories, malware authors are quick to theme the social engineering of their attacks accordingly. Today, SophosLabs received a submission of the following email message, which had a Word document attached:

Dear Friends & Colleagues, Please find enclosed a massage from His Holiness the Dalai Lama in support of the recent pro-democracy demonstrations taking place in Burma. This is for your information and can be distributed as you see fit.

Best wishes.

Tenzin Taklha
Joint Secretary
Office of His Holiness the Dalai Lama

The attachment (filename: hhdl burma_001.doc) is a malicious Word document (proactively detected as Exp/1Table-B), crafted to exploit a vulnerability in Word in order to drop and run a malicious Trojan (proactively detected as Troj/Agent-GCU). The message also contained a link to the website of the Dalai Lama.


As ever, be alert for social engineering tricks used by malware authors, particularly those that are themed on topical, global news items.