The video appears to be a simple protest cartoon packaged in an executable file. But the 'Race for Tibet' movie also contains a piece of key-logging malware that installs itself as a driver.
The cartoon shows a Chinese gymnast performing in an event along with images from the recent riots and government crackdowns in Tibet. The user is then urged to join a 'race for Tibet' protest.
McAfee researcher Patrick Comiotto warned that the movie initially infects the user with a malicious driver. The file is installed in the '%windir%/system32/' driver folder under the name 'dopydwi.sys'.
The file then proceeds to create a .dll file that logs keystrokes which are later uploaded to a server in China.
The cartoon is the latest in a series of attacks that have tried to take advantage of the recent events in Tibet and the upcoming Olympic games in Beijing.
Malware-laden
fake petitions and press releases were sent out to pro-Tibet groups in early March following initial rioting in the region.
By last week, the Trojan involved in those attacks was linked to a larger series of
SQL website attacks.
Piggybacking on current events has become a common social-engineering tactic for malware distributors.
Events ranging from the Virginia Tech shootings to the execution of Saddam Hussein have been exploited by hackers to infect unwitting users.