A website [gyalwarinpoche.com] connected to the Dalai Lama’s official YouTube channel [http://www.youtube.com/gyalwarinpoche] has been attacked by unknown hackers and left infected with malicious Mac software that puts visitors’ computers under surveillance.
Security firm F-Secure confirmed that the website of the Tibetan exile leader was compromised with Dockster software, which was secretly installed by the hackers. Dockster is a rare Mac virus that was discovered a few days ago. It works as a backdoor or a keylogger: it secretly stores visitors’ keystrokes and emails them to the recipient.
According to F-Secure, the Java-based exploit uses the same vulnerability as “Flashback”, CVE-2012-0507. Current versions of Mac OS X and those with their browser’s Java plugin disabled should be safe from the exploit. The malware dropped, Backdoor:OSX/Dockster.A, is a basic backdoor with file download and keylogger capabilities.
There is also an exploit, CVE-2012-4681, with a Windows-based payload: Trojan.Agent.AXMO.
Exploit:Java/CVE-2012-0507.A — 5415777DB44C8D808EE3A9AF94D2A4A7
Backdoor:OSX/Dockster.A — c6ca5071907a9b6e34e1c99413dcd142
Exploit:Java/CVE-2012-4681.H — 44a67e980f49e9e2bed97ece130f8592
Trojan.Agent.AXMO — c3432c1bbdf17ebaf1e10392cf630847
For readers, I would like to confirm one thing: this site is not the official website of the Dalai Lama; however, it is registered to the Dalai Lama’s offices in Dharamsala, India, and shares identifying info with the Dalai Lama’s YouTube channel.
NOTE: Do not visit gyalwarinpoche.com. It is still infected with Mac malware and still poses a threat to anyone who visits the site; visit it at your own risk.