Pro-Tibet sites infected with malware

Pro-Tibet sites infected with malware


Attacks 'specifically targeted' in wake of Olympic torch demonstrations against Chinese policies

Two sites favouring Tibet independence have been infected with malware in what appears to be a targeted attack, according the security-specialist ScanSafe.

The code embedded in the two sites could infect visitors with Trojan downloader code that can pull in other malware under remote control.

The infection has been cleared from one of the sites, Save Tibet, and the other, FreeTibet, is in the process of being cleaned according to Scansafe.

The attacks comes in the wake of demonstrations against the Chinese presence in Tibet along the Olympian torch route.

Spencer Parker, director of product management at ScanSafe says “These websites appear to have been specifically targeted as this is not a generic Trojan downloader. Someone or some group has gone to great trouble to rewrite the exploit and personalise it to the FreeTibet.org and SaveTibet.org websites. "

He said Scansafe had found an iFrame – ad HTML construct allowing embedded code - that re-directed visitors to a malware-infected site hosted in Taiwan.

Parker added:"There may be certain groups that are particularly keen to monitor or disrupt activities of pro-Tibet interests.”