Cyber Security Institute
§ Current Worries
Top 3 Worries
- Regulations
- Old Firewall Configurations
- Security Awareness
§ Listening
For the best information
- The underground
- Audible
- Executive Excellence
- Music (to keep me sane)
§ Watching
For early warnings
- 150 Security Websites
- AP Newsfeeds
- Vendors
Friday, October 13, 2006
Targeted Trojan attacks on the rise
On December 1, 2005, two e-mail messages were sent from a computer in Western Australia to members of two different human rights organizations. Each e-mail message carried a Microsoft Word document with a previously unknown exploit that would take control of the targeted person’s computer and open up a beachhead into the group’s network. The attack failed, as did a second attempt to infiltrate the same human-rights groups a week later, due in no small part to an overabundance of caution on the part of e-mail security provider MessageLabs, which initially blocked the e-mails based on the strangeness of the Word attachments. The attacks only targeted a single person at each organization and, after the two attempts, never repeated. Such targeted Trojan horse attacks are quickly becoming a large concern for corporations, the military and political organizations, said MessageLabs security researcher Alex Shipp. The e-mail security provider intercepted 298 such attacks between May 2005 and May 2006, and the threat of targeted Trojans is only increasing. “If you haven’t noticed these attacks and you are a big company, you have likely already been attacked,” Shipp told attendees at the Virus Bulletin 2006 conference.”
Targeted Trojan horse attacks are quickly becoming a major issue for the antivirus and computer-security industries.
“Your problem is no longer how do I avoid being attacked, but how do I find where I’ve been compromised.”
Last year, computer emergency response groups in the U.K., Canada and Australia warned of such attacks. While the United States Computer Emergency Readiness Team (US-CERT) did not issue a warning, security firms confirmed at the time that U.S government agencies and companies had already been targeted by such malicious software.
A major problem for large companies, government agencies and other potential targets is that antivirus software is not good at stopping low-volume attacks aimed at single companies. Traditional antivirus programs detect widespread attacks based on matching to a known pattern and do not fare well against low-volume Trojans. “There is no value whatsoever in having signature-based antivirus when facing a targeted attack,” said Joshua Corman, host protection architect for Internet Security Systems (ISS).
Military agencies, human rights organizations and pharmaceutical companies are some of the types of groups that are being targeted by specifically aimed attacks.
timate programs as potential threats.