Spyware/DDoS malware combo

Google’s security team member Neel Mehta has blogged about yet one more spyware attack on Google users from Asia. This time forces in Vietnam apparently are trying to spy on and stifle dissent from those opposed to the expansion of bauxite mining in the country’s central highlands. The dissenters are opposed to the environmental impact, the involvement of Chinese in the venture and the displacement of people who live in the mining area. Bauxite is the ore that aluminum is extracted from.

Chinese attempts to spy on dissident’s Gmail accounts made headlines in January. At that time, Google said it would pull its operations out of China because of a wave of hack attacks from China on it and more than 30 other companies, mostly in Silicon Valley. The attacks were largely based on spear phishing and exploited an Adobe .pdf vulnerability to plant Trojans. An investigation by Google showed that the attackers were trying to download information from the Gmail accounts of Chinese dissidents and steal source code.

The malcode that Google just found infects Vietnamese language keyboard software that has been downloaded worldwide. Mehta says the spyware also is capable of participating in distributed denial of service attacks against bloggers opposed to the mining.

Mehta advised those who think they may be infected to run scans on their machines since the malcode is in the detections of leading AV vendors.

“New technology like our suspicious account activity alerts in Gmail should also help detect surveillance efforts. At a larger scale, we feel the international community needs to take cybersecurity seriously to help keep free opinion flowing,” he said.

Google Security Blog here.