MessageLabs Analyzes 13 Olympic-Themed Targeted Trojans

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

<strong>London &mdash; April 23 </strong><br />The world&rsquo;s athletes and hackers now share a common focus: the Beijing Olympics. Whilst the athletes have a legitimate reason to concentrate on the Games, today&rsquo;s hackers are using the 2008 Olympics for their own glory. MessageLabs, a provider of messaging and Web-security services to businesses worldwide, revealed new research showing the frequency and locations of targeted Trojan attacks and the tools used to avoid detection. <br /> <br />In the last six months MessageLabs has intercepted 13 separate Olympic themed attacks, across several different data-rich industries. With legitimate-sounding email subject titles such as &ldquo;The Beijing 2008 Torch Relay&rdquo; and &ldquo;National Olympic Committee and Ticket Sales Agents,&rdquo; some attacks purport to be from the International Olympic Committee, based in Lausanne Switzerland; however, the reality is that all but one attack has been sent from an IP addresses within Asia Pacific. <br /> <br />Targeted Trojans are usually aimed at specific individuals within an organization with the purpose of infiltrating networks for corporate espionage. Each attack is usually small in number and often uses social-engineering techniques, such as personalization, to persuade the recipient to open the e-mail and attachment. <br /> <br />Hackers are constantly shifting to new delivery formats to hide the sinister malware and to avoid detection by traditional antivirus engines, as well as using harmless and common attachment types that are not blocked. In these instances, Microsoft Office Database (MDB) files, usually hidden within a ZIP file, is one of the latest formats to be used. Once the MDB file has been downloaded the MDB exploit will drop an EXE file to the disk and steal data. MessageLabs predicts that in the coming year hackers will vary their use of formats even further with 1 Byte XOR Key, Multiple XOR keys and ROR, ROL, ADD and SUB formats to be exploited. <br /> <br />Alex Shipp, MessageLabs senior antivirus technologist and imagineer, issues an ominous warning to businesses: &ldquo;These attacks are highly targeted at organizations that have highly confidential and valuable data, such as military and government bodies. Presuming that you haven&rsquo;t been targeted isn&rsquo;t proof that you haven&rsquo;t. The malicious EXE file can remain undetected for several months, so it may be that your organization has been penetrated and crucial information has already leaked. Businesses need to up their game and fortify themselves against a dangerous new breed of hacker, Hacker 3.0, who is prepared to stop at nothing to achieve their goal.&rdquo;<br />

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|