“Dalai Lama’s birthday plan” email leads to backdoor

Today marks the current Dalai Lama’s 77th birthday – an occasion that served as a perfect ploy to make his supporters unknowingly install a backdoor on their systems.

Starting on July 3, Kaspersky Lab researchers have begun intercepting targeted emails with “Dalai Lama’s birthday on July 6 to be low-key affair” in the subject line:

The email also carries a .doc file with the same name.

Unfortunately, the file in question is boobytrapped and, once run, it exploits a vulnerability in Windows Common Controls, which opens the door for the backdoor Midhos Trojan to be dropped and installed onto the system.

The backdoor then tries to contact a C&C server located on the same IP address that previously spotted attacks targeting Mac users have used, and get its instructions from there.

In the meantime, the victims are presented with an article detailing the aforementioned low-key plans so that they would not suspect something was amiss.