The Conficker worm has been generating the big security headlines, but what The New York Times calls a "vast electronic spying operation" reveals an ongoing, very sophisticated cyberespionage campaign that may well represent an even more important threat than Conficker - especially to the Dalai Lama's Tibetan freedom movement.

Researchers at the University of Toronto Munk Center's Citizen Lab summarize GhostNet thus:

Documented evidence of a cyber espionage network— GhostNet—infecting at least 1,295 computers in 103 countries, of which close to 30% can be considered as high-value diplomatic, political, economic, and military targets.

Documented evidence of GhostNet penetration of computer systems containing sensitive and secret information at the private offces of the Dalai Lama and other Tibetan targets.

Documentation and reverse engineering of the modus operandi of the GhostNet system—including vectors, targeting, delivery mechanisms, data retrieval and control systems—reveals a covert, diffcult-to-detect and elaborate cyber-espionage system capable of taking full control of affected systems.

The attacks started with so-called "social malware" (emails apparently from trusted sources that included documents containing malware installers). Once the malware was installed, the programs used a variety of methods to compromise targeted computer: rootkits, HTTP GET/POST transmission of stolen data, keyloggers, backdoor remote administration tools, and even remote control of webcams and microphones for surreptitious recording.

The F-Secure "News from the Lab" blog posting on GhostNet describes how the attack works, includes a partial map of the extent of the attacks, a video on targeted attacks, and links to reports from the University of Toronto's Munk Center and Cambridge University. If you're responsible for computer security in your business or home, want a better understanding of cyberespionage, or are looking for better ways to detect information theft, these reports are must-reads.

How can you stop a GhostNet-style attack on your PCs? Consider the following:

• If you receive unexpected attachments purporting to be from friends, associates, or co-workers, check them out before you open them.
• Consider using Rich Text Format (RTF) document format instead of other formats. RTF retains document formatting, but can't be exploited as a container for malware.
• Use the monitoring programs discussed in the GhostNet reports to check for suspicious activity.
• Disconnect webcams and microphones when not in use.
• Make sure your copies of Microsoft Office and Adobe Reader are running the very latest security updates.

What methods have you found to be most effective to sniff out and stop these types of information stealers? Hit Comment and share your discoveries.

Map courtesy The New York Times.