The report might be part of political efforts targeting China.

Here are some points from the report:
- Almost 30% of infected computers are high-value and include ministries of foreign affairs of different countries, embassies, news organizations, a Bank, an unclassified computer at NATO headquarter and Office of the Dalai Lama.
- Infected computers reached 1,295 in 103 countries
- The attacker used several infection vectors, infected web page serving exploit code to infect computers visiting it, and used also emails carrying infected pdf and doc files with trojan.
- Once the computer is infected, it will create a backdoor and try to contact the controlling servers, waiting for orders.
- The targets themselves may infect others by forwarding infected documents to their contacts
- The controlling servers are located in China
- The trojan used is known as gh0st RAT
- The 1st family of malware used HTTP connections to connect to PHP files, while the 2nd family used HTTP POST to connect to CGI
- The most recent sample in the report was on March 12, 2009
- Infected computers reached 1,295 in 103 countries
- The attacker used several infection vectors, infected web page serving exploit code to infect computers visiting it, and used also emails carrying infected pdf and doc files with trojan.
- Once the computer is infected, it will create a backdoor and try to contact the controlling servers, waiting for orders.
- The targets themselves may infect others by forwarding infected documents to their contacts
- The controlling servers are located in China
- The trojan used is known as gh0st RAT
- The 1st family of malware used HTTP connections to connect to PHP files, while the 2nd family used HTTP POST to connect to CGI
- The most recent sample in the report was on March 12, 2009
http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.pdf
Updated:
The next chapter of the story is now released by shadowserver.