January 25, 2006

Manchurian Candidate

.
The Register reports that Chinese hackers attacked UK government targets during the Christmas holidays using the Microsoft Windows Meta File (WMF) exploit. The attacks - initiated before Microsoft's patch against the vulnerability was released on 5 January - came in the form of contamination emails that originated in China. It's unclear if independent hackers or the Chinese government initiated the attack.

Contaminated messages posed as information about a secret rendezvous are were sent to around 70 people in parliament and elsewhere in the UK government.

The WMF-themed attacks are the latest twist in an armada of specially crafted Trojan horse attacks dating back over a year. Last June the UK's National Infrastructure Security Co-ordination Centre (NISCC) warned that approximately 300 UK government departments and businesses critical to the country's infrastructure have been the subject of Trojan horse attacks, many reportedly originating in the Far East. "The attackers' aim appears to be covert gathering or transmitting of commercially or economically valuable information," NISCC warned.