[LINK] the state of malware (including pdf stock spam)
Kim Holburn
kim at holburn.net
Mon Jul 9 18:55:52 AEST 2007
Malware report reveals targeted attacks on energy sector execs
http://arstechnica.com/news.ars/post/20070708-malware-report-reveals-targetted-attacks-on-energy-sector-execs.html
> Malware report reveals targeted attacks on energy sector execs
>
> By Jeremy Reimer | Published: July 08, 2007 - 10:46PM CT
>
> MessageLabs, a company that provides messaging security for ISPs
> and businesses, has released its latest report on the state of
> malware. It has revealed an interesting new phenomenon: malware
> targeted at executives in different companies, but all working in
> the same sector.
>
> Beginning on June 26, MessageLabs intercepted over 500 targeted
> attacks that consisted of an e-mail with a Microsoft Word file
> attached. The Word file contained embedded executable code that
> when opened would activate a trojan horse program.
>
> E-mails were sent to various corporate executives at a variety of
> companies, and some e-mails were actually directed towards the
> spouse or close relation of specific executives. Most of the
> attacks were sent to executives working in the energy sector. The
> goal behind the attacks was to take control of both work and home
> computers belonging to high-level employees at these companies in
> order to gain access to confidential e-mails and sensitive
> corporate information.
>
> Targeted attacks are not a new idea, but this latest batch shows
> that these sorts of attacks are on the rise and getting more
> complex. One also wonders why the energy sector has been targeted.
> Is this some attempt at so-called cyberterrorism?
>
> Another new trick that some spammers are starting to use is to send
> messages to hotels and catering organizations with seemingly-
> legitimate group reservations, sending a fraudulent payment, then
> attempting to claim a refund before the bank disallows the original
> transaction. Clearly in this case the motive is financial.
>
> Image spam gets more professional
>
> In addition to the new targeted e-mail attacks, MessageLabs has
> noticed a change in the "hot stock tip" scams that are typically
> sent out as one large embedded image in order to bypass text-based
> spam filters. The first batch of these tips were somewhat
> amateurish, with frequent misspellings and overly hyperbolic word
> choices. The spammers have addressed these issues with a new batch
> of e-mails that are sent with attachments in PDF format, mimicking
> the look of a genuine newsletter to promote a particular penny
> stock. The PDF contains a large embedded image, unlike typical PDFs
> that can be searched for text strings. Because of this, each PDF is
> unique, which makes it difficult for automated content analysis
> programs to identify the files as spam.
>
> The stock tip scams are pushed aggressively, with tens of thousands
> of e-mails directed to individual domains within a time period as
> short as one hour. The idea behind these "spam spikes" is to push
> as many e-mails through before antispam systems can react and block
> the messages.
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961