NetTraveler Malspam Campaign Targeting Regional Tibetan Youth Congress
Data de publicação: 25 junho 2013
The NetTraveler campaign is a series of malware spam attacks used against different companies and governmental institutions. Included in this list are the Tibetan/Uyghur activists. Recently, we received a spammed mail which is part of this campaign that targeted the Regional Tibetan Youth Congress.
The attack used was in a form of spam email which contains a short message, has a Microsoft Word document as an attachment and is addressed to the organization located in Mundgod, India. To make the attack appear legitimate, the mail sample purports itself to be sent by an email address owned by The Global Times. Further investigation revealed that the source was not The Global Times but a different domain entirely. The attached document is also verified as malicious.
The email and the malicious file are detected as TROJ_ARTIEF.PRM and concurrently blocked.
The attack used was in a form of spam email which contains a short message, has a Microsoft Word document as an attachment and is addressed to the organization located in Mundgod, India. To make the attack appear legitimate, the mail sample purports itself to be sent by an email address owned by The Global Times. Further investigation revealed that the source was not The Global Times but a different domain entirely. The attached document is also verified as malicious.
The email and the malicious file are detected as TROJ_ARTIEF.PRM and concurrently blocked.
Data/Hora do bloqueio de spam: 25 junho 2013 GMT-8
TMASE
- Versão do mecan
- Patrón TMASE: 9972