Pro-Tibet websites infected with Trojans

Two websites dedicated to Tibetan independence have been infected with malware, according to Scansafe.

The security firm said it had detected specifically written Trojans on Freetibet.org and Savetibet.org.

Visitors to the home pages of these sites are exposed to an iFrame that redirects them to a site that hosts a Trojan downloader.

It then attempts to install itself using an exploit in a browser or a flaw in an application. If successful it will then install other malware and unwanted software on to a victim's PC.

Spencer Parker, director of product management at Scansafe, said: “These websites appear to have been specifically targeted as this is not a generic Trojan downloader.

"Someone or some group has gone to great trouble to rewrite the exploit and personalise it to the Freetibet.org and Savetibet.org websites.

“Scansafe threat detection technology found an invisible iFrame which redirects innocent visitors to a malware-infected site which we have tracked to servers hosted in Taiwan.

"Given the recent events in Tibet and the protests around the forthcoming Olympics and the Olympic Torch Run, there may be certain groups that are particularly keen to monitor or disrupt activities of pro-Tibet interests.”

Scansafe said very few commercial anti-virus technologies are able to detect this threat. It has issued an alert warning web surfers that the pro-Tibet sites have been unknowingly hosting malware and infecting visitors by installing malware on to the victim’s PCs.

“Given the world’s attention on relations between China and Tibet ahead of the Olympics, it makes sense that these sites would be targeted as web surfers go online to learn more about Tibet and Tibetan independence.

“We recommend web surfers take extreme caution and that all websites review their security policies in the light of these latest developments.”

Scansafe has also notified both sites about the malware.