2006 - the year of targeted malware

gallery

There has been an increased amount of malware targeting specific companies, according to an anti-virus expert.

Mikko Hypponen, chief research officer of Finnish anti-virus company F-Secure said that targeted attacks where companies receive only a couple of malware-infected emails from criminals instead of thousands was "an interesting new phenomena".

"Instead of the attacker sending out millions of emails with infected attachments to random recipients, the attack might send just five emails with infected attachments only to one single company," said Hypponen.

He added that his company saw this happen several times over the past year with different companies and organisations targeted.

"There were many cases where the actual attack was pulled off by sending emails that looked like they were coming from someone within the organisation. They were talking about companies' internal issues," said Hypponen.

The attachments were Word, Excel or PowerPoint attachments which contained an exploit.

"In the cases we investigated, the exploit was typically handcrafted so it wasn't detected by the anti-virus which was being used by the company. The end result was the employees got a perfectly normal looking email with an attachment from someone else in the company which they would double click and open."

Hypponen said that as soon as they did that, the email dropped a back door into the system which connected to an IP address outside of the company which could be used to steal information from the infected computer or the user's network drives.

He said that the back door also contained rootkits that allow the malware to hide itself fro the operating system.

Hypponen also said that phishing gangs are widening their nets to target banks in countries which up until now haven't been on the radar of these gangs.

"The phishers are trying to find people who haven't been fooled before," he said.

He also said that there is an increasing use of "money mules" - people recruited by phishing gangs to receive money on behalf of the gangs. He said that the gangs place job ads on legitimate web sites pretending to be bona fide companies.

"They have been successful in hiring perfectly normal people to do this money laundering," he said. "In many of these cases these people had no idea that they were working for criminal companies."

He said phishing attacks will continue to evolve and will use man-in-the-middle attacks on online banks.

Email to a friend

Print this page