Virus Attack On Pro-Tibet Internet Users

Beijing Olympic 2008 Logo

With the torch relay event just graced us last Monday, the Beijing Olympic Games 2008 is seems to be what people are talking nowadays. It is a hot topic in the kopitiam, on the television news, in the newspapers and of course, the ever reliable Internet. But the games is hardly what’s on everyone’s mind. It is the Pro-Tibet / Pro-China protests that are all over the news, sharing the limelight with the biggest sports event this year.

If you have yet to hear about these protests, or the Beijing 2008, I have to ask you this, which cave have you been hiding in? In a nutshell, Pro-Tibet groups have used this year’s Olympic Games opportunity to create awareness and to give pressure to the Chinese Government to free Tibet from its choking hold.

Free Tibet

This article will not describe more about these protests but instead will concentrate on the latest news on Internet Security. Since hackers and Internet criminals always rely on the Internet trends of the moment to execute their illegal scheme, they have now chosen the China / Tibet controversy to target their victims and wreck havoc on the Internet.

Catching up with the news of the moment, the hackers knew that the Internet users will most definitely be interested to read news regarding the China / Tibet updates. With this in mind, they proceed to spam users’ inbox Internet-wide with emails containing false news about the protests but with a virus attached to it.

This virus or malware is called the ‘Fribet’. Emails with subject headings like, ‘Free Tibet’, ‘Proof of Tibetan Abuse’, and other similar varieties are being sent out to Internet users around the world, with a piece of a flash movie called the ‘RaceForTibet’ and of course , hidden from view, the ‘Fribet’ Trojan attached to it.

When the users’ click to download and play the short clip, the ‘Fribet’ will be downloaded onto the users’ computers and then it will install a keystroke logger onto the infected computers and transfer the stolen data to a server in China.

Fribet Virus

TechNewsWorld revealed that the ‘RaceForTibet’ is actually a short animation clip that showed a Chinese gymnast and some free Tibet images, and was initially sent out to Internet users’ on pro-Tibet groups’ mailing lists. And then the emails were unknowingly forwarded to more Internet users that might just include you and me. So if you have seen this clip, do run a virus-scan on your computer as soon as possible.

Fribet is also able to embed itself in hacked websites, and then download itself onto the website’s visitors’ computers. This Trojan has already attacked a few of the pro-Tibet websites, so users have been warned to not only expect this Trojan in their inbox but should also to be extra cautious when clicking on links to download executable files.

The F-Secure website also reported that emails with malicious attachments other than the ‘Fribet’ were also sent out to target members of the pro-Tibet groups. The Trojan from these emails will open a back door on the infected computer, and thus allowing the attacker to remotely access the data on the computer.

Examples of the attached files:

Virus List
taken from here

Do keep a look out on these file names, so you won’t be unlucky enough to have your computer infected with a virus. It is very hard to avoid these viruses but we can definitely do our best to try. Update your virus definitions regularly, do not open emails from unknown senders and remember to scan any files that you have downloaded from the Internet.

We cannot control the fate of Tibet but we can definitely help our friends and families by not accidentally spreading any viruses to the people on our contact lists. It is always better to be safe than sorry.