Tibetan letter attacks target Windows PC

Trendmicro has published details of a targeted attack which uses social engineering to fool its victims into opening a Word Document which contain malicious codes.

The Word files are sent as attachments via email. It is not known whether the malicious code can be deactivated when opened with a non MS Word word processor - OpenOffice.org or Google Apps.

ComputerWorld understands that a vulnerability in parsing Microsoft Word system's file format is exploited by the criminals.

According to Research Project Manager Ivan Macalintal, the documents contain real press releases and news articles that are related to groups and organisations supporting the Tibetan government in exile.

The author of the blog, Jake Soriano, said that social engineering technique has been seen previously, adding "In October, a Trojan detected as TROJ_MDROPPER.WI also rode on the newsworthiness of the monk-led protests in Myanmar by arriving as an attachment to spam, which purported to be a message of support from the Dalai Lama to the monks. The said technique is also a familiar one from WORM_NUWAR’s book: leveraging on headline-grabbing events to facilitate its propagation."