Analysis by: Hiroshi Shinotsuka
Recent malware campaigns that used Tibet-related issues as bait have been well documented, and it should come as no surprise that we have seen another Tibetan-themed attack using a malicious Word document. The emails involved in the attack are in English and were sent to a clothing company in the United States.
While they appear to come from Tibet-related organizations, the email headers revealed that they were sent from a mail server in Russia.
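The header check described above, sketched as an added example that is not part of the original analysis: it walks the `Received` chain from the top, trusts only hops stamped by the recipient's own mail servers, and compares the relay they recorded with the `From` domain. All hosts, addresses and the trusted-server names are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and IP is a placeholder.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\n"
    "\tby inbox.recipient.example with ESMTP; Mon, 1 Jan 2001 10:00:05 +0000\n"
    "Received: from smtp.tibet-org.example (mail.relay.example.ru [203.0.113.7])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2001 10:00:01 +0000\n"
    "Received: from [198.51.100.1] (tibet-org.example [198.51.100.1])\n"
    "\tby smtp.tibet-org.example with ESMTP; Mon, 1 Jan 2001 09:59:58 +0000\n"
    'From: "Tibet Org" <info@tibet-org.example>\n'
    "To: staff@recipient.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# "from <HELO name> (<reverse DNS> [<peer IP>]) ... by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\).*?\bby\s+(?P<by>\S+)", re.S)

def external_hop(raw, trusted_mtas):
    """Return the hop handed to our outermost trusted MTA, or None."""
    boundary = None
    for value in message_from_string(raw).get_all("Received", []):
        hop = HOP.search(value)
        if hop is None or hop["by"].lower() not in trusted_mtas:
            break  # headers below this point are sender-controlled text
        boundary = hop
    return boundary.groupdict() if boundary else None

def triage(raw, trusted_mtas):
    """Compare the From domain with the relay our own MTA recorded."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = external_hop(raw, trusted_mtas)
    if hop is None:
        return None
    # Prefer the reverse-DNS name our MTA looked up over the claimed HELO name.
    relay = (hop["rdns"] or hop["helo"]).lower()
    aligned = relay == from_domain or relay.endswith("." + from_domain)
    return {"from_domain": from_domain, "relay": relay, "ip": hop["ip"],
            "helo": hop["helo"].lower(), "aligned": aligned}
```

A misaligned relay is a triage signal rather than a verdict, since legitimate senders often use third-party mail services; the recorded IP is the value to geolocate and check against reputation data.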
Recently, we discovered a file that differs from other malware in that it uses a well-known graphics card manufacturer’s legitimately signed program as an attack vector.
After opening the attached document file, a vulnerability—CVE-2012-0158...