Pro-Tibet download masks malware

For the second time in a week miscreants have taken advantage of the Olympics in an attempt to load malicious software on to PCs of unsuspecting Internet users. 

McAfee Avert Labs has discovered a file that appears to be a cartoon that ridicules the effort of a Chinese gymnast at the games, followed by images supporting a free Tibet. But the cartoon does more than protest against China. While the movie runs, a keystroke logging tool is installed on to the user’s Windows PC and hidden by a rootkit, making it harder to detect and remove.
McAfee researcher Patrick Comiotto says: “This is a pro-Tibet Rootkit. What looks like a simple Flash movie actually silently drops a number of files on to your PC and then hides those files.”
The malicious cartoon is distributed as an e-mail attachment called “RaceForTibet.exe”. Information captured by the keystroke logger is transmitted to a computer that appears to be located in China. The threat affects Windows PCs only.
Discovery of the keystroke logger with a rootkit comes days after McAfee Avert Labs warned of pro-Tibet Web sites being modified by attackers to host malicious software. The “Fribet” Trojan horse was placed on hacked Web sites and subsequently loaded onto visitors’ PCs through a Windows vulnerability, without the Web surfers’ knowledge.
Dave Marcus, security research and communications manager at McAfee Avert Labs, comments: “Cybercrooks are increasingly taking advantage of the high general interest in the Olympic Games to trick people into giving up personal information or to load malware onto their PCs. If you want to watch the Olympic Games it is better not to do it by opening a file that appears to be a movie that comes in e-mail.”