This weekend, staff at CPJ received a personal invitation to attend the Oslo awards ceremony for Nobel Peace Prize winner Liu Xiaobo. The invite, curiously, was in the form of an Adobe PDF document. We didn’t accept. We didn’t even open the e-mail. We did, however, begin analyzing the document to see was really inside that attachment, and what it was planning to do to our staff’s computers.
NGOs and journalists who work or report on human rights issues in China now regularly receive e-mailed attachments, often PDFs, which on closer examination prove to be malicious code sent from unknown sources. These attachments contain embedded programs that execute when the file is opened, and take advantage of local security flaws to install concealed software on their victims’ machines.