Botnet attacks blogs by Vietnamese dissidents
According to Neel Mehta of Google's security team, blogs critical of the Vietnamese government have been subjected to distributed denial-of-service (DDoS) attacks. The attacks originated from computers infected with malware disguised as a Windows keyboard driver for the Vietnamese alphabet. The trojan both steals information from the infected computer and turns it into a bot. Tens of thousands of computers may be infected.
According to George Kurtz, Chief Technology Officer at security software vendor McAfee, the botnet started up in late 2009. The website of the Vietnamese Professionals Society (VPS) is believed to have been compromised and the popular VPSKeys keyboard driver on the site replaced with a trojan. The attackers then used email to lure potential victims to the site, where they downloaded the disguised malware. The botnet is still active.
Kurtz believes that the attacks are politically motivated and that the attackers have connections with the Vietnamese government. Attacks are reported to have been targeted at bloggers protesting against a bauxite mine in the central highlands. The mine is a joint project between Vietnam and China. Opponents are warning of massive and permanent damage to the environment. According to Kurtz, the incidents demonstrate that attacks are not always money-oriented, but can also be politically motivated.
Google's Mehta states that although the attacks on Vietnamese blogs are less sophisticated than those used to monitor email accounts belonging to Chinese human rights activists, they are a further example of the danger – political or otherwise – that malware can pose online. Government censorship and apparently politically motivated hacking attacks have prompted Google to withdraw from China.