Dalai Lama Web Site Hacked, Serves Malware

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

F-Secure researchers recently found that a Web site for the Dalai Lama has been compromised and is pushing new Mac malware called Dockster.

"The website in question, gyalwarinpoche.com, is not the Dalai Lama's official homepage; however, it is registered to the Dalai Lama's offices in Dharamsala, India, and shares identifying info with the Dalai Lama's YouTube channel," notes Fast Company's Neal Ungerleider.

"The Java-based exploit uses the same vulnerability as 'Flashback,' CVE-2012-0507," writes F-Secure security advisor Sean Sullivan. "Current versions of Mac OS X and those with their browser's Java plugin disabled should be safe from the exploit. The malware dropped, Backdoor:OSX/Dockster.A, is a basic backdoor with file download and keylogger capabilities."

Sophos' Graham Cluley notes that the exploit also attempts to download Windows malware called Troj/Agent-ZCT. "However, in our tests we were unable to get the code to run properly," he writes.

"Don’t rest easy assuming these sneaky programs are isolated, state-sponsored efforts targeting one prominent figure or one beleaguered nation like Tibet," advises Betabeat's Steve Huff. "As illustrated by this April report from Kaspersky Lab on the SabPub Mac trojan, cyber attackers are finding their way into Macs for a wide variety of reasons. Mac holdouts who have abstained from downloading antivirus software may have some thinking to do."