Vietnamese online community targeted by new trojan

According to Symantec Security Response, Trojan.Dosvine is the latest instance of what appears to be the growing trend of malware being used for political purposes.

The IT security vendor says that initial reports on this attack have compared it to the Trojan.Hydraq/Aurora incident from earlier this year.

However, Symantec says that this comparison is not entirely accurate since the motive behind the Hydraq incident was industrial espionage.

In contrast, the motive behind Trojan.Dosvine seems to be to prevent access to strategic Vietnamese websites.

Because of this, Symantec's research division says a better comparison would be to Trojan Dozer, as this threat attempted to perform a DDoS attack against a number of strategic sites in North Korea last year.

In a blog posting about the malware, Patrick Fitzgerald, a Symantec security expert, noted that Dozer first surfaced in July 2009 and was immediately classed as a regionally politically motivated threat.

In the posting, Fitzgerald noted that hijacking the update mechanism is an interesting technique, but what is more interesting is that the same technique is being used in this attack.

"Our telemetry shows that Vietnamese websites are the targets in this attack... It also shows that outside of Vietnam there seems to be a correlation to the relative sizes of the Vietnamese communities in the affected countries", he said.

Because of the security risks, Fitzgerald says that the following URLs should be blocked:

  • voanews.ath.cx
  • ymail.ath.cx
  • tyuqwer.dyndns.org
  • adobe.ath.cx
  • update-adobe.com
  • google.homeunix.com
  • blogspot.blogsite.org
