MessageLabs warns of Olympic-themed Trojans

Corporate IT Update, April 24, 2008

CORPORATE IT UPDATE-(C)1995-2008 M2 COMMUNICATIONS LTD

MessageLabs, a provider of messaging and web security services, revealed on Wednesday (23 April) new research showing the frequency and locations of targeted Trojan attacks and the tools used to avoid detection.

In the last six months MessageLabs has reportedly intercepted 13 Olympic themed attacks across several industries. E-mail subjects include 'The Beijing 2008 Torch Relay' and 'National Olympic Committee and Ticket Sales Agents', and some messages purport to come from the International Olympic Committee, based in Lausanne, Switzerland. However, all but one attack has been sent from IP addresses within Asia Pacific.

According to the company, targeted Trojans are usually aimed at specific individuals within an organisation with the goal to infiltrate networks for corporate espionage. Each attack is small in numbers and often utilizes social engineering techniques, such as personalisation, to persuade the recipient to open the e-mail and attachment. The attacks are targeted at organizations that have highly confidential and valuable data, including military and government bodies, MessageLabs warns.

In addition, hackers are shifting to new delivery formats to hide the malware and to avoid detection by traditional anti-virus engines. Microsoft Office Database (MDB) files, usually hidden within a ZIP file, is one of the latest formats to be used. Once the MDB file has been downloaded, the MDB exploit drops an EXE file to the disk and steals data. The company predicts that in the coming year hackers will vary their use of formats further with 1 Byte XOR Key, Multiple XOR keys and ROR, ROL, ADD and SUB formats to be exploited.

((Comments on this story may be sent to info@m2.com))