15 Nov 2010

Malware poses as Nobel Prize ceremony invite

The Committee to Protect Journalists recently reported a new malware strain that lures victims through a fake invitation to the Nobel Peace Prize ceremony.

According to the committee’s website, members of their staff received an email that claimed to be a personal invitation to the awards ceremony in Oslo, Norway, where jailed Chinese human rights activist Liu Xiaobo will be honored.

“The invite, curiously, was in the form of an Adobe PDF document. We didn't accept. We didn't even open the e-mail,” wrote Danny O’Brien, CPJ’s internet advocacy coordinator. “We did, however, begin analyzing the document to see was really inside that attachment.”

The attachment contained malware that installs software on users’ machines. The software can delete and create files, take over the computer to coordinate attacks on other targets and record keystrokes and network traffic.

“A computer with this malware installed is an open book to whoever is controlling the program,” wrote O’Brien.

NGOs and human rights journalists are often targeted by malware. Recently, the headquarters of Amnesty International Hong Kong were attacked by an Internet Explorer zero-day exploit.