My invitation to attend the Nobel Prize presentations in Oslo seems to have gone astray again.
However, perhaps that’s just as well.
The Committee to Protect Journalists reports that:
“This weekend, staff at CPJ received a personal invitation to attend the Oslo awards ceremony for Nobel Peace Prize winner Liu Xiaobo. The invite, curiously, was in the form of an Adobe PDF document. We didn’t accept. We didn’t even open the e-mail. We did, however, begin analyzing the document to see was really inside that attachment, and what it was planning to do to our staff’s computers.
NGOs and journalists who work or report on human rights issues in China now regularly receive e-mailed attachments, often PDFs, which on closer examination prove to be malicious code sent from unknown sources. These attachments contain embedded programs that execute when the file is opened, and take advantage of local security flaws to install concealed software on their victims’ machines.
This secret software can delete or create files, commandeer the computer for cyber-attacks on other targets, or just sit and record keystrokes and network traffic, which it will then report to a remote “command-and-control” server elsewhere on the Net. A computer with this malware installed is an open book to whoever is controlling the program.
Malware is a problem for everyone. We’re all used to shady characters spamming us e-mail with enticing subject titles. But vulnerable journalists and activists receive far more sophisticated, customized messages that use narrow intelligence about their contacts and interests in order to trick their recipients into opening them. This Nobel e-mail, for instance, was sent from a colleague at a known NGO who I’ve personally met and who has invited CPJ to events in Oslo previously. The PDF, when opened, showed a legitimate-looking invitation with the organization’s logo and the signature of the NGO’s founder.”
I would probably have opened the attachment without thinking, despite being aware of the dangers. What would you have done?