Google Warns of New Malware Targeting Vietnamese Activists

Google has come forward with details about a wave of malware targeting activists in Vietnam who were protesting a government-led mining operation in partnership with a prominent Chinese company.

The cyber attacks were less sophisticated than the coordinated assault on Google (NASDAQ: GOOG) and more than 20 other firms that the company traced to China and made public in January, but nonetheless could have hit tens of thousands of users who downloaded a bogus keyboard driver, according to Neel Mehta, a member of Google's security team.

"This particular malware broadly targeted Vietnamese computer users around the world," Mehta said in a blog post. "Specifically, these attacks have tried to squelch opposition to bauxite mining efforts in Vietnam, an important and emotionally charged issue in the country."

According to McAfee, the software-security firm that first identified the malware, the architects of the attack likely hacked into the Web site of the Vietnamese Professional Society and replaced a legitimate program that enables Windows to support the Vietnamese language with a Trojan. They then sent out e-mails to their political opponents directing them back to the site to download the popular keyboard driver, called VPSKeys.

With the Trojans installed, the attackers assembled a botnet and launched distributed denial-of-service attacks against blogs where activists have spoken out against the bauxite mining project.

McAfee discovered the malware operation while investigating the Chinese attacks known as Operation Aurora, and said that the two campaigns coincided but appeared to be unrelated, using a different set of command-and-control servers.

But like the Chinese operations, the Vietnamese malware appeared to be a "politically motivated attack," according to McAfee CTO George Kurtz.

"We believe that the perpetrators may have political motivations and may have some allegiance to the government of the Socialist Republic of Vietnam," Kurtz said in a blog post. "This incident underscores that not every attack is motivated by data theft or money. This is likely the latest example of hacktivism and politically motivated cyber attacks."

At issue is the government's partnership with Chalco, a subsidiary of the Chinese state-run mining firm Chinalco, to mine and process bauxite, one of Vietnam's most valuable natural resources, in the Central Highlands region. The project has sparked fierce environmental concerns and brought renewed attention to the uneasy relationship many Vietnamese have with their largest neighbor, which invaded the country in 1979 and exerted suzerain control over Vietnam for more than 1,000 years earlier in its history.

Meantime, Google's future in China remains far from clear. After moving its search operations offshore to Hong Kong in an effort to deliver the Web uncensored and in Chinese to the mainland, Google has experienced numerous instances of filtering that it has attributed to China's so-called "great firewall."

A dashboard that Google set up to monitor the availability of its services in mainland China indicates that only its ad program and Gmail service are operating without issue. On Monday, Google noted that its mobile service had become partially blocked, while access has been denied to YouTube, Blogger, and the company's hosted wiki service Google Sites, since it made the Hong Kong announcement.

Then on Wednesday, several media outlets reported that the Yahoo e-mail accounts of several journalists in China and Taiwan were disabled, as well as those of the World Uyghur Congress, an exile group that the Chinese government has condemned as a terrorist organization and accuses of fomenting a separatist movement in the Xinjiang region.

Kenneth Corbin is an associate editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.