Internet virus attack targets G20 Tibet protesters


Tibetan protesters

(, Nov17, 2014) – Cyber criminals have unleashed a virus designed to take control of computers of Tibet campaigners and their email contacts during the G20 summit being held in the Australian city of Brisbane over Nov 15-16, reported Nov 16. The virus, embedded in a malicious email attachment, hacks into a recipient’s computer camera and uses it to spy on the owner.

The report said the email, titled “Join us at a rally for Tibet during the G20 Summit”, purports to be from the Australian Tibet Council, one of the groups organizing the Tibet protests during the summit, and includes a word document titled A_Solution_For_Tibet.

The report said Cyber security company ESET had disseminated a warning about the email and the Word document after finding that it contained a virus, labelled as Gh0st Remote Access Trojan (RAT) and detected as Win32/Farfli.

The warning was cited as saying that it was a “pretty classic case of spear phishing email” in which the receiver is lured into opening the infected attachment. Cyber security expert Ty Miller has said this particular type of ghost Trojan was designed for spying by getting into user’s camera and audio functions.

Once infected, the computer can be totally controlled by the hacker. “It could be coming from anyone,” he was quoted as saying. “It could be a malicious virus or foreign governments who want to see what protesters are doing. It could just be attackers trying to expand the number of computers that they have control of.”

Mr Miller, founder of Threat Intelligence, has said events like the G20 were “great opportunities for attackers to use the specific events and audience to make a targeted attack more convincing”. However, he has added, the effectiveness of the Tibet attack would be limited because it uses a vulnerability in Microsoft Word that was eliminated in a software update in April.


Please enter your comment!
Please enter your name here