The 1959 Tibetan uprising, or 1959 Tibetan Rebellion, began on 10 March 1959, when a revolt erupted in Lhasa, the capital of Tibet, which had been under the effective control of the Communist Party of China since the Seventeen Point Agreement in 1951. The anniversary of the uprising is observed by some Tibetan exiles as the Tibetan Uprising Day.
With the variety of security threats these days, users need to be careful when using the Internet.
In particular, APT (Advanced Persistent Threat) attacks themed around Tibet are expected to surge these days.
2. Spreading path and symptoms of infection
* Case #1
The e-mail is disguised as content about the 53rd Tibetan Uprising Day and an announcement on March 10, together with an encrypted PGP (Pretty Good Privacy) message.
Notably, its e-mail domain is @Tibet.net, which suggests that the sender's mail address may have been hijacked for the APT.
Mail sent from a trustworthy domain makes additional malicious attacks highly likely.
Opening "March 10th Statement.doc", attached to the e-mail, installs and runs additional malicious files (svchost.exe, linkinfo.dll) by exploiting a security hole.
This doc file exploits the MS10-087 (CVE-2010-3333) vulnerability. We also found some tools in China that can create malicious files using that exploit.
The Word file itself contains nothing.
Usually, a recipient would assume the sender made a mistake. Meanwhile, the user has already been infected by opening the doc file.
* Case #2
We found another malicious e-mail that includes a malicious doc file and a poster about the 53rd Tibetan National Uprising Day, March 10th 2012.
When the file is opened, the poster is displayed and malicious files are installed.
Malicious files of this kind are spreading indiscriminately. To stay safe from various security threats, keeping security updates current is the most important measure, and users also need to be wary of zero-day attacks.
3. How to prevent
This malicious file is a type of APT (Advanced Persistent Threat) attack that tries to deceive users with false information.
This security hole can be closed by installing the latest MS Office security update.
To use your PC safely despite the threat of these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.