Green Technology » Sciences - Technology

May 25, 2019, 8:23 pm

Security experts say phony gov’t emails contain malware

(15:58:08 PM 12/06/2015)
( - An email address ending in “gmail” and a subject line referring to Prime Minister Nguyen Tan Dung’s instructions has been sent to the email account of a newspaper reporter to steal information.

 Security experts say phony gov’t emails contain malware


A reporter received an email sent from (vpcp is automatically interpreted as “van phong chinh phu” or government office). 

There was no content in the body of the email, but there was a file attached under the “.doc” mode with the name coinciding with the email’s subject.

BKAV, the leading internet security firm in Vietnam, has found the email contains malware.

Nguyen Minh Duc, a security expert from FPT Group, said the “.doc” file exploited the vulnerability of Microsoft Word which was made public in April 2014. If users have not updated the patch version for Microsoft Word, when they open the file, malware will be installed on the computer, collect information and send it to a server in the US. 

The subject of the email and the name of the attached file (about a Prime Minister’s conclusion on an issue) raised receivers’ curiosity, especially reporters, and prompted them to open the files to read the content.

According to Duc, this is a way of spreading malware commonly used by hackers. To date, 19 out of the existing 57 antivirus software products can recognize the files as viruses.

BKAV, after analyzing the email, found that the virus hidden in the attached document file was a variation of “Virus Bien Dong” (East Sea virus) which was regulated through the domain registered by a Chinese company.

“Virus Bien Dong” was first heard of in July 2014. A reporter of an online newspaper received an email with an attached file about an important report on protecting territorial waters and airspace.

The attached file was then analyzed by BKAV’s specialists, who said it contained malware called “Virus Bien Dong”.

Anh on June 6 said the two emails sent in July 2014 and June 2015 were likely from the same group of hackers. 

The server that regulated the malware sent in 2014 belonged to, while the server that sent in 2015 was 

According to Anh, the malware hidden in the email is RAT (Remote Access Trojan) which opens the back door on victims’ devices and allows remote access. 

The virus hidden in the document file was managed through a domain registered by a Chinese company.

The hackers were believed to exploit Microsoft Office’s hole - CVE-2012-0158 - to insert malware into the document file. After users open and download the file, “LMS.exe”, “dbghelp.dll” and “ticrf.rat” will be installed in the devices’ systems.


Buu Dien

Send comments you read about: Security experts say phony gov’t emails contain malware

* *
(Environmental News welcomes your opinions read the article. The discussion will be reviewed before posting. Environmental News reserves the right to reject words offend individuals or organizations; words left habits and customs, law violations. Readers discuss accented Vietnamese. Comments do not necessarily reflect the views of the Environmental News. Thank you for your contributions and cooperation of)
Cat- center 3
Cat- center 4
  University student makes bricks from scrap paper

University student makes bricks from scrap paper

( - Nguyen Cao Hoang Sang, a student at HCM City Architect University, has created green building materials from scrap paper after seven months of research.

  Vietnamese farmers make solar-powered boat

Vietnamese farmers make solar-powered boat

( - Farmers in the Mekong River Delta have invented boats that can run smoothly with no noise or pollution to the environment, and are especially suitable to serve ecotourism.

Cat- center 6
  BAKV officially launches its high-end smartphone

BAKV officially launches its high-end smartphone

( - BKAV – Vietnam’s leading network security firm – launched its first smartphone Bphone on May 26, after many advertising campaigns.

Cat- center 7