Author Topic: Mac Malware Targeting Dalai Lama Supporters  (Read 4058 times)

DharmaSpace

  • Hero Member
  • Posts: 1470
Mac Malware Targeting Dalai Lama Supporters
« on: January 15, 2013, 04:58:02 AM »
Quote
New malware targeting Mac users has been discovered on a website associated with the Dalai Lama.

"Acting on a tip, a member of our Threat Research team (Brod) has discovered a Dalai Lama related website is compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit," blogged Sean Sullivan, security advisor for F-Secure.

The Java exploit targets the same vulnerability used by the "Flashback" malware attacks earlier this year – CVE-2012-0507, which has been patched. Current versions of Mac OS X and anyone with their browser's Java plugin disabled should be safe from the exploit, Sullivan added.

"This is not the first time gyalwarinpoche.com has been compromised and it certainly isn't the first time Tibetan related NGOs have been targeted," he noted.

In fact, just last month Tibetan activists were observed being targeted by a new variant of the Imuler (Revir) Trojan via malicious emails. The messages would include images of pro-Tibetan groups as a lure to get victims to open the malicious files. Once executed, the malware would steal data from the system and upload it to a remote server.

Another attack targeting Tibetan activists was uncovered in March when researchers at Trend Micro released details about an attack campaign whose targets not only included the activists but also military research, aerospace and energy companies in India and Japan.

The malware in the latest attack is detected as OSX/Bckdr-RNW by Sophos. According to Senior Technology Consultant Graham Cluley, once a computer is infected, attackers will be able to steal data from the system and capture the victim's keystrokes.

"The attack was presumably designed to infect computers visiting the Dalai Lama-related website, which - one would imagine - would belong to [sympathizers] with the exiled Tibetan government," he blogged.

There is also an exploit for CVE-2012-4681 that delivers a Windows-based payload – Trojan.Agent.AXMO, Sullivan noted. Like CVE-2012-0507, CVE-2012-4681 is a Java vulnerability and was patched by Oracle earlier in the year.

http://www.securityweek.com/mac-malware-targeting-dalai-lama-supporters

Macs are one of the safest OSes out there. For them to target Macs and also Dalai Lama supporters suggests that someone is really pissed off with the conduct of Dalai Lama supporters. It must be bordering on rage for you to write code like that. How is Tibet ever going to be independent if the CTA, supporters and Dalai Lama supporters keep making enemies with people?

Has the CTA in all the time it has been in power offered any concessions or an olive branch to its Dorje Shugden citizens, monks or groups? Usually when new regimes come to power they would offer amnesty or something of that gesture to create good will. Has the CTA done anything of that nature?

DharmaDefender

  • Moderator
  • Hero Member
  • Posts: 988
Re: Mac Malware Targeting Dalai Lama Supporters
« Reply #1 on: January 16, 2013, 08:00:00 AM »
What I find to be slightly amusing and ironic is the fact it is targeted to Mac users, not Windows. Why?

Well, it's been suggested in the past that those who support the Tibetan cause are hippies, yuppies or people who generally lack in-depth knowledge about geopolitical and socio-cultural issues but jump from cause to cause du jour.

It has also been suggested in the past that those who use Mac OSs are hippies, yuppies or people who generally don't know much about computers, or have full appreciation for their processing power but instead buy Macs on the strength of the advertising.

So a general conclusion one can make from the emergence of this virus is that the Mac users are generally Free Tibet supporters, and Free Tibet supporters are Mac users, and who are hippies, yuppies or people who succumb to advertising and who generally lack in-depth knowledge about geopolitical and socio-cultural issues!

How is this related to the Dorje Shugden issue? I don't know but I just found it very funny that hipsters are being targeted hehehe

fruven

  • Hero Member
  • Posts: 659
Re: Mac Malware Targeting Dalai Lama Supporters
« Reply #2 on: January 18, 2013, 02:06:29 AM »
As mentioned in the article, this is a Java exploit. As Java is ubiquitous in the computing world, everyone should update their system, not only those who are on the Mac platform. Malware is mostly created for the purpose of financial gain. They will use whatever means, including things the victim trusts or sympathizes with, to trigger the malware to infect their system.

kris

  • Hero Member
  • Posts: 919
Re: Mac Malware Targeting Dalai Lama Supporters
« Reply #3 on: January 20, 2013, 02:36:54 AM »
Malware is very common nowadays, and malware is very fast evolving. If the server is not using the latest software or upgrade, the chance of being "attacked" by malware is high. Most of the time, the attack is not even intentional. The malware just looks for random servers to "hack".

The affected website is not even HH Dalai Lama's website. It is just a website related to Him. As such, it is highly possible that the website wasn't maintained well and as such was "attacked" by malware. Therefore, just relax, nothing major is happening here.

Even if the attack is intentional, I am not surprised, because any person/organization with a lot of supporters will also have a lot of people who hate them. Same goes for HH Dalai Lama.

Ensapa

  • Hero Member
  • Posts: 4124
Re: Mac Malware Targeting Dalai Lama Supporters
« Reply #4 on: April 12, 2013, 06:11:02 AM »
Quote
Malware is very common nowadays, and malware is very fast evolving. If the server is not using the latest software or upgrade, the chance of being "attacked" by malware is high. Most of the time, the attack is not even intentional. The malware just looks for random servers to "hack".

The affected website is not even HH Dalai Lama's website. It is just a website related to Him. As such, it is highly possible that the website wasn't maintained well and as such was "attacked" by malware. Therefore, just relax, nothing major is happening here.

Even if the attack is intentional, I am not surprised, because any person/organization with a lot of supporters will also have a lot of people who hate them. Same goes for HH Dalai Lama.

As everyone respects the Buddha now, even back during His time he also had detractors and people who thought that he was a fraud and didn't see His greatness, so what is new? Everyone will have fans and enemies, it's just the nature of samsara. Nothing new or old, but I agree with you that the website may have been created by amateurs who do not know much about making websites and they may not have secured the website enough from attackers or from viruses, resulting in the website being taken down, but then again why so paranoid about the Dalai Lama's security? He does not have the karma to be harmed....so yeah