Chinese cybercriminals have crafted a sophisticated, robust malware attack that exploits growing political tension and fear over Iran's alleged covert nuclear weapons program to infect PCs.
The goal of the hackers is to corrupt the computers of U.S. military employees, according to researchers from the security firm Bitdefender, who detected the malware.
Calling it "the perfect firebomb," the China-borne malware embeds itself in an email with an attached Microsoft Word document titled "Iran's Oil and Nuclear Situation.doc." The document, Bitdefender explained, contains an Adobe Shockwave Flash applet that attempts to get the recipients to load a fake YouTube video.
While the rigged video (an .mp4 file) loads, the malware exploits an Adobe Flash flaw that sneaks an executable file into the initial Word document.
If it sounds complicated, that's the point, Bitdefender's Bogdan Botezatu said.
"The operation is covert: the MP4 file triggering the exploit is streamed from the Web, which means the PC will be exploited by the time an anti-virus would generally scan a file,
" he wrote.
Further, the malicious file delivered inside the doc file (us.exe) has multiple layers of obfuscation to dodge detection."
Once the malware is implanted on a victim's computer, it communicates with a command-and-control server in China.
Carefully crafted exploits aimed at military targets are nothing new; a November congressional report outlined state-sponsored cybercrime missions carried out by Chinese and Russian criminals against U.S. government agencies.
And the infamous "Operation Aurora" attacks, launched by Chinese cybercriminals, targeted more than 200 major U.S. companies, including Google and Morgan Stanley.
Because advanced persistent threats like this can be difficult to detect and eliminate once they're on your system, it's important to never click on any attachment that appears at all suspicious.
It's also crucial to install a software firewall and run strong anti-virus software on your computer, and to download security patches for vulnerable programs as soon as they become available.