Google has announced that a politically motivated cyber attack has been used against Vietnamese people and others who use the Vietnamese language on their computer systems. The attacks themselves are known to be used to spy on computer users and to take part in DDoS attacks. The attack targets opposition to bauxite mining and has been spreading since late 2009.
How does the whole thing work? This attack has already affected tens of thousands of people who just wanted to download Vietnamese-language keyboard software. For this purpose, the attackers created a botnet: code that poses as a keyboard driver infects a computer and joins it to the botnet.
"We believe the attackers first compromised www.vps.org, the Web site of the Vietnamese Professionals Society (VPS), and replaced the legitimate keyboard driver with a Trojan horse. The attackers then sent an e-mail to targeted individuals which pointed them back to the VPS Web site, where they downloaded the Trojan instead," claimed McAfee CTO George Kurtz.
The rogue keyboard driver was identified by McAfee as W32/VulcanBot. The following malware is installed onto the compromised system:
- %UserDir%\Application Data\Java\jre6\bin\jucheck.exe
- %UserDir%\Application Data\Java\jre6\bin\zf32.dll
- %UserDir%\Application Data\Microsoft\Internet Explorer\Quick Launch\VPSKEYS 4.3.lnk
- %RootDir%\Program Files\Adobe\AdobeUpdateManager.exe
- %RootDir%\Program Files\Java\jre6\bin\jucheck.exe
- %RootDir%\Program Files\Microsoft Office\Office11\OSA.exe
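
One way to check a machine or a mounted disk image for the files listed above, as an added example that is not from McAfee or the original article. It assumes `%RootDir%` is the system drive root and `%UserDir%` is each user's profile directory; the function names and the sample directory tree are constructed for illustration.

```python
import tempfile
from pathlib import Path, PureWindowsPath

# File paths exactly as listed in the article. %UserDir% and %RootDir% are the
# vendor's placeholders; mapping them to real directories is an assumption.
INDICATORS = [
    r"%UserDir%\Application Data\Java\jre6\bin\jucheck.exe",
    r"%UserDir%\Application Data\Java\jre6\bin\zf32.dll",
    r"%UserDir%\Application Data\Microsoft\Internet Explorer\Quick Launch\VPSKEYS 4.3.lnk",
    r"%RootDir%\Program Files\Adobe\AdobeUpdateManager.exe",
    r"%RootDir%\Program Files\Java\jre6\bin\jucheck.exe",
    r"%RootDir%\Program Files\Microsoft Office\Office11\OSA.exe",
]

def candidates(indicator, root_dir, user_dirs):
    """Expand one listed path into concrete paths (one per user profile)."""
    placeholder, _, relative = indicator.partition("\\")
    parts = PureWindowsPath(relative).parts
    bases = user_dirs if placeholder == "%UserDir%" else [root_dir]
    return [Path(base).joinpath(*parts) for base in bases]

def scan(root_dir, user_dirs):
    """Return (indicator, found_path) for every listed file present on disk.

    A hit is a lead, not a verdict: the Program Files names are also used by
    genuine Java, Adobe and Office installs, so verify the file's signature.
    """
    return [(ind, path)
            for ind in INDICATORS
            for path in candidates(ind, root_dir, user_dirs)
            if path.is_file()]

def make_constructed_tree(base):
    """Build a fake system root with two profiles; plant two listed files."""
    root = Path(base) / "C"
    users = [root / "Documents and Settings" / name for name in ("alice", "bob")]
    planted = candidates(INDICATORS[1], root, users[:1]) + candidates(INDICATORS[3], root, users)
    for path in planted + [u / "Desktop" / "notes.txt" for u in users]:
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample, not malware")
    return root, users

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for indicator, path in scan(*make_constructed_tree(tmp)):
            print(f"FOUND {indicator} -> {path}")
```

On a live system, pass the real drive root and the list of profile directories to `scan`; files under `Application Data\Java` are the stronger signal, since that is not where a Java runtime normally installs.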
I highly recommend using a reliable malware removal tool to get rid of any similar infections. To avoid such attacks in the future, use reliable and up-to-date antivirus and antispyware software. Turn on a firewall and download all the necessary security patches. Without a doubt, cyber criminals will then have fewer ways to hack into your system and perform malicious activities.