Word documents installed keyloggers that sent data to China

published Apr 12, 2008 08:44   by admin ( last modified Apr 12, 2008 08:44 )

It appears that a number of security patches for MS Office were released because sensitive data seemed to be leaving security-classified computers in the USA over the Internet. For example, a Word document purporting to be a CV for a job application could crash Office and at the same time install a keylogger.

Some of the traffic that was sent appears to have gone to servers in China. Well, what do you know.

The malware then forwards the stolen information to services called DNS bouncers in China, such as 8800.org, that attackers can use to obfuscate and rapidly change where stolen documents or passwords are sent. Finally, the code opens up what looks to be a legitimate document, in the hopes that the target won't know his or her computer was just infected. The espionage was highly successful, according to Hyppönen. One multi-billion-dollar defense contractor who went to F-Secure for help found that a single compromised Windows box had been secretly siphoning information to a server in mainland China for 18 months.


Read more: Espionage Against Pro-Tibet Groups, Others, Spurred Microsoft Patches