Starting on July 3, Kaspersky Lab researchers have begun intercepting targeted emails with “Dalai Lama’s birthday on July 6 to be low-key affair” in the subject line:
The email also carries a .doc file with the same name.
Unfortunately, the file in question is boobytrapped and, once run, it exploits a vulnerability in Windows Common Controls, which opens the door for the backdoor Midhos Trojan to be dropped and installed onto the system.
The backdoor then tries to contact a C&C server located on the same IP address that previously spotted attacks targeting Mac users have used, and get its instructions from there.
In the meantime, the victims are presented with an article detailing the aforementioned low-key plans so that they would not suspect something was amiss.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.