Dalai Lama website hack spreads new Mac malware

An exploit for the Java vulnerability CVE-2012-0507 is pushing the Dockster malware via the site, F-Secure reports. The site was established in 2010 to bring Dalai Lama supporters a raft of news and information with embedded YouTube videos. Sophos theorizes that the hack is meant to attack sympathizers of the Buddhist leader, a central figure in the Tibetan movement to establish its freedom from China.

In any event, the threat is far from advanced. “This relatively simple backdoor trojan, found on Virus Total, provides a remote shell to give a remote attacker access to the system, provides a channel for downloading additional files and has keylogger functionality,” explained David Harley, in a blog on Infosecurity.

Thus, despite it being deployed in the wild, Lysa Myers, a researcher at Intego, noted that “This is still considered to be low-risk as this is not known to be widespread and the vulnerability targeted by the exploit code is corrected by the latest version of Java.”

The attack, however, is just the latest in what has become a global groundswell of hacktivism, on all sides of the issue. The Dalai Lama has seen his share of cyber-rattling, so to speak, with another recent attack last month by the Imuler Trojan, which was packaged with images of Tibetan organizations.

“If your Mac was successfully infected by malware like this, you have effectively given remote control of your computer and your data to an invisible and unknown party,” explained Graham Cluley at SophosLabs. “They could steal files from your Mac, spy on your emails and plant further malware onto your systems.”

He added wryly: “It will be left as an exercise to the reader to come up with a shortlist of who might have an interest in breaking into the computers of Tibetan organizations.” 

Hacktivism is expected to continue to be a concern worldwide headed into 2013. Making one’s political leanings known is one thing – full-blown infrastructure compromise is another. It is escalation to the latter that has national and corporate security concerned, according to a recent report from the ISF.

“An extremely important aspect of cybersecurity will continue to be the protection of critical national infrastructure,” ISF noted. “A real cybersecurity concern however could be a full internet or telecommunications blackout in the eventuality of a sophisticated cyber-attack aimed at the internet infrastructure. Whilst unlikely, it remains a possibility.”
