Cyberattacks May 2013 – Malware on PRU 13 General Elections (Ubah!!)
As Malaysians get excited about voting day, which is held at least once every five years, a new malware sample has been discovered: FinFisher (also called FinSpy). FinSpy is a commercially sold spyware package.
A Canada-based interdisciplinary laboratory discovered a sample of the FinFisher (a.k.a. FinSpy) surveillance software in a Microsoft Word document crafted specifically for Malaysia’s 2013 general elections.
The specifically crafted malware is able to:
- hijack the camera and microphone.
- infiltrate computers to grab screenshots.
- record chat conversations.
- log keystrokes.
Internet-based sources revealed that this attack targets Microsoft Word 2003. It runs a VB macro and creates a fake Firefox 14.0 named “WINWORD.exe”. The victim’s computer will communicate with the FinFisher Command & Control servers as follows:
- Block the IP(s) 18.104.22.168 and 22.214.171.124
- Be wary before clicking on links or opening files received from known/unknown sources.
You may refer to the Macro Security Levels in Office 2003: Macro Security Level
Full details by F-Secure: F-Secure Analysis
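To hunt for the two indicators described above (a process named WINWORD.exe that is not really Word, and traffic to the IPs listed for blocking), the following added example, which is not from the original post or from F-Secure, checks process and network records. The record field names (Sysmon-style `Image`, `Product`, `DestinationIp`), the Office install directories and all sample records are assumptions constructed for illustration.

```python
import ntpath

# IPs the page says to block (copied from the page as written).
BLOCKED_IPS = {"18.104.22.168", "22.214.171.124"}
# Assumption: legitimate Word lives under an Office install directory.
OFFICE_DIRS = (r"c:\program files\microsoft office" + "\\",
               r"c:\program files (x86)\microsoft office" + "\\")

def check_event(ev):
    """Return a list of findings for one telemetry record (dict)."""
    findings = []
    image = ev.get("Image", "")
    if ntpath.basename(image).lower() == "winword.exe":
        if not image.lower().startswith(OFFICE_DIRS):
            findings.append("WINWORD.exe outside Office directory")
        # Version metadata that does not mention Office/Word suggests masquerading.
        product = ev.get("Product", "").lower()
        if product and "office" not in product and "word" not in product:
            findings.append("WINWORD.exe with non-Office product metadata")
    if ev.get("DestinationIp") in BLOCKED_IPS:
        findings.append("connection to blocked IP " + ev["DestinationIp"])
    return findings

# Constructed sample records (not real telemetry; paths and user are made up).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE",
     "Product": "Microsoft Office 2003"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\WINWORD.exe",
     "Product": "Firefox"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\WINWORD.exe",
     "DestinationIp": "18.104.22.168"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "Product": "Firefox", "DestinationIp": "192.0.2.10"},
]

def scan(events):
    """Return (index, findings) for every record with at least one finding."""
    return [(i, f) for i, ev in enumerate(events) if (f := check_event(ev))]

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_EVENTS):
        print(idx, "; ".join(findings))
```
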