More attempted computer attacks on DPRK researchers

I have documented two previous waves of malicious email attacks intended to hack the computers of just about everyone (really!) who has anything to do with the DPRK. See these posts here and here.

Well, I recently received two more examples of malicious emails from someone in the “North Korea community”. The email information is below for your review. If you receive similar emails, please send them to me to make public, and make sure to include the “email header data”.

Email 1:

From: Howard Thompson [mailto:[email protected]]
Sent: 23 August 2011 09:39
To: [deleted]
Subject: Photos-North Korea’s new Nuclear Facilities

Recently, I get photos about North Korea’s new Nuclear Facilities through an unofficial channel.
These are extra photos caught on satellite besides existing nuclear installations.
You can view these pictures on the link below.

View Photos : NKorea’s Nuclear Facilities

Thanks.

regards.

The section of the email “View Photos : NKorea’s Nuclear Facilities” points to: htp://dailyissue.net/satellite/photoviewer.hta (I deleted an “h” in the address to prevent accidentally linking to the site)

Email 2:

From: Howard Thompson [[email protected]]
Sent: 29 August 2011 09:43
To: [deleted]
Subject: FW:RE:Photos-North Korea’s new Nuclear Facilities

According to responses of some members, the pictures are not available on the link I gave you indicated.
To view them properly, we must first install software through the link below which will allow you to open the image files.

Install PhotoViewer Program

————————————————————————————

Recently, I get photos about North Korea’s new Nuclear Facilities through an unofficial channel.
These are extra photos caught on satellite besides existing nuclear installations.
You can view these pictures on the link below.

View Photos : NKorea’s Nuclear Facilities

Thanks.

regards.

The section of the email labeled “Install PhotoViewer Program” links to: htp://support-forum.org/software/setup_photo.exe (I deleted an “h” in the address to prevent accidentally linking to the site)

The section of the email labeled “View Photos : NKorea’s Nuclear Facilities” links to: htp://dailyissue.net/satellite/photoviewer.hta (I deleted an “h” in the address to prevent accidentally linking to the site)
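The link check done by hand above can be scripted. This is an added example, not code from the original post: it lists each link's visible text beside its real target, flags targets ending in an executable extension such as .hta or .exe, and defangs them for sharing. The HTML sample, the `files.example` and `lure.example` hosts, the extension list and the hxxp/[.] defang style are assumptions.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# File types that execute when opened on Windows (illustrative, not exhaustive).
RISKY_EXTENSIONS = {".hta", ".exe", ".scr", ".vbs", ".js", ".lnk"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from the anchors of an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def defang(url):
    """Rewrite scheme and host so the URL cannot be clicked or auto-linked."""
    p = urlsplit(url)
    return urlunsplit(p._replace(scheme=p.scheme.replace("http", "hxxp"),
                                 netloc=p.netloc.replace(".", "[.]")))

def triage(html_body):
    """Return visible text, defanged target and a risk flag for every link."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [{"text": text, "target": defang(href),
             "risky": posixpath.splitext(urlsplit(href).path)[1].lower() in RISKY_EXTENSIONS}
            for text, href in collector.links]

# Constructed sample body: hosts are placeholders, file names follow the post.
SAMPLE = """<p>To view them properly, install the software below.</p>
<a href="http://files.example/software/setup_photo.exe">Install PhotoViewer Program</a>
<a href="http://lure.example/satellite/photoviewer.hta">View Photos</a>
<a href="https://www.example.org/about">About us</a>"""

if __name__ == "__main__":
    for link in triage(SAMPLE):
        print(link)
```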

Go get them, folks!


6 Responses to “More attempted computer attacks on DPRK researchers”

  1. Freja says:

    What’s the matter with the links then, and what are you trying to say?

    Is your point that you are being targeted by pro-North Korea supporters who are trying to infect your PC with a virus?
    If so, can you confirm that the file in question actually IS infected, and what it does?

    The idea is somewhat ludicrous, since, if the DPRK wanted to get even or silence critics, they’d have to take down practically every newspaper site in the Western World, as well as a good number of blogs that are more anti-DPRK than yours.

    Even if the link is infected, how do you know that the link is from a DPRK supporter? It’s not unusual for clever hackers to contact site admins in this way, since, if the infection works, they get access to a much more powerful machine, and potentially a much larger number of email addresses.

    • Blaargh says:

      >It’s not unusual for clever hackers to contact site admins in this way,
      since, if the infection works, they get access to a much more powerful
      machine, and potentially a much larger number of email addresses

      not sure if serious

    • IB says:

      Actually if you look at the attention paid to DPRK issues most newspapers devote very little space. With all due respect to this site, the DPRK is a niche interest. The community is small and hence taking down 10 sites would have a powerful silencing effect.
      However, I suspect the motivation would be to punish the authors, not to silence them (that would be impossible).

      Finally, may I just say the tone of your comment is not very polite.

      • Freja says:

        Well, I have a certain amount of sympathy for the DPRK, I have spent some time there and I know that the country and the regime is not quite as evil as it is depicted here. There is so much paranoia in the English speaking anti-DPRK blogs. I don’t think taking down individual blogs is something that the DPRK would put an effort into. I think it’s more likely that you were targeted by a regular fraudster.

        • a listener says:

          “Well, I have a certain amount of sympathy for the DPRK, I have spent some time there and I know that the country and the regime is not quite as evil as it is depicted here.”

          Just needed to quote that so viewers see that what they read was in fact really posted.