Topic: Malware report reveals targeted attacks on energy sector execs

Amker

MessageLabs, a company that provides messaging security for ISPs and businesses, has released its latest report on the state of malware. It has revealed an interesting new phenomenon: malware targeted at executives in different companies, but all working in the same sector.
Beginning on June 26, MessageLabs intercepted over 500 targeted attacks that consisted of an e-mail with a Microsoft Word file attached. The Word file contained embedded executable code that when opened would activate a trojan horse program. The typical e-mail looked like this:

To: [Victim name] - - [Job Title]

The Proforma Invoice is attached to this message. You can find the file in the attachments area of your email software.

PS: The invoice also includes the cost for the services provided for the second quarter of 2007. Please read, evaluate and reply with any comments. Thanks.

[postal address removed]

E-mails were sent to various corporate executives at a variety of companies, and some e-mails were actually directed towards the spouse or close relation of specific executives. Most of the attacks were sent to executives working in the energy sector. The goal behind the attacks was to take control of both work and home computers belonging to high-level employees at these companies in order to gain access to confidential e-mails and sensitive corporate information.

Targeted attacks are not a new idea, but this latest batch shows that these sorts of attacks are on the rise and getting more complex. One also wonders why the energy sector has been targeted. Is this some attempt at so-called cyberterrorism?

Another new trick that some spammers are starting to use is to send messages to hotels and catering organizations with seemingly-legitimate group reservations, sending a fraudulent payment, then attempting to claim a refund before the bank disallows the original transaction. Clearly in this case the motive is financial.

Image spam gets more professional

In addition to the new targeted e-mail attacks, MessageLabs has noticed a change in the "hot stock tip" scams that are typically sent out as one large embedded image in order to bypass text-based spam filters. The first batch of these tips were somewhat amateurish, with frequent misspellings and overly hyperbolic word choices. The spammers have addressed these issues with a new batch of e-mails that are sent with attachments in PDF format, mimicking the look of a genuine newsletter to promote a particular penny stock. The PDF contains a large embedded image, unlike typical PDFs that can be searched for text strings. Because of this, each PDF is unique, which makes it difficult for automated content analysis programs to identify the files as spam.

The stock tip scams are pushed aggressively, with tens of thousands of e-mails directed to individual domains within a time period as short as one hour. The idea behind these "spam spikes" is to push as many e-mails through before antispam systems can react and block the messages.
Ars Technica
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html
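
The "spam spikes" described in the post, together with the point that every PDF is unique, leave message volume per recipient domain as the signal a gateway can still act on. The Python below is an added example, not part of the original post or the MessageLabs report; the function names, thresholds, event layout and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def find_spikes(events, window=timedelta(hours=1), threshold=10000,
                min_unique_ratio=0.9):
    """Flag recipient domains hit by a burst of mostly-unique attachments.

    events: time-ordered (timestamp, recipient_domain, attachment_digest).
    Returns {domain: (window_start, message_count, unique_ratio)} recorded
    at the moment the domain first crosses both thresholds.
    """
    recent = defaultdict(deque)  # domain -> (timestamp, digest) inside window
    alerts = {}
    for ts, domain, digest in events:
        queue = recent[domain]
        queue.append((ts, digest))
        while ts - queue[0][0] > window:  # expire entries older than window
            queue.popleft()
        if domain in alerts or len(queue) < threshold:
            continue
        # Identical bulk mail (one digest repeated) is a job for hash or
        # content matching; a burst where nearly every attachment differs
        # is the case those filters miss.
        unique_ratio = len({d for _, d in queue}) / len(queue)
        if unique_ratio >= min_unique_ratio:
            alerts[domain] = (queue[0][0], len(queue), unique_ratio)
    return alerts


def build_sample():
    """Constructed mail-gateway events; domains and digests are placeholders."""
    start = datetime(2007, 7, 1, 9, 0)
    events = []
    for i in range(300):
        # 300 unique PDFs in 20 minutes: the spike pattern.
        events.append((start + timedelta(seconds=4 * i), "burst.example", f"pdf-{i:04d}"))
        # 300 unique attachments spread over 10 hours: normal traffic.
        events.append((start + timedelta(minutes=2 * i), "steady.example", f"doc-{i:04d}"))
        # 300 copies of one newsletter in 20 minutes: bulk but identical.
        events.append((start + timedelta(seconds=4 * i), "newsletter.example", "same-file"))
    return sorted(events)


if __name__ == "__main__":
    # Threshold scaled down to fit the small constructed sample.
    for domain, (since, count, ratio) in find_spikes(build_sample(), threshold=200).items():
        print(f"{domain}: {count} msgs since {since}, {ratio:.0%} unique attachments")
```

Only the burst of unique attachments is flagged; the steady traffic never fills the one-hour window and the identical newsletter fails the uniqueness test.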