Cyber Security Institute

Tuesday, June 21, 2005

Targeted Trojan-horse attacks hitting U.S., worldwide

Cyberattacks aiming to steal proprietary information have targeted companies and government agencies across the globe, including the U.S., security experts said.  On June 16, the United Kingdom’s incident response team, the National Infrastructure Security Co-ordination Centre, warned that stealthy Trojan-horse attacks were targeting specific U.K. companies and government agencies.

This week, security company Symantec sorted through low-volume e-mail threats submitted to its response team for analysis and found several that had targeted U.S. government agencies or had been submitted to Symantec from government sources in the United States.  Two programs that fit the profile—identified by Symantec as Trojan.Mdropper.B and Trojan.Riler.C—were among the threats warned about by the NISCC.

Last month, law enforcement agencies in Israel found that private detectives had allegedly used targeted Trojan-horse programs to steal information from their clients’ competitors, according to press reports.

The latest attacks are targeted at only a few companies or government agencies at a time and show signs of significant background research into the target, said Mark Sunner, chief technology officer for e-mail security firm MessageLabs.

While data on the attacks is scarce, with the company only detecting two attacks per week, they are a serious threat, he said.

The United States Computer Emergency Readiness Team, or US-CERT, has not released a statement on the NISCC advisory.

The stealthy attacks have frequently been sent to a specific person at the targeted organization and show that attackers are researching the best way to convince the victim that the document containing the Trojan horse is real. Moreover, traditional e-mail-borne mass-mailing viruses typically have not stolen documents. Both MyFip and the latest string of attacks discovered by MessageLabs and NISCC appear to come from China.

Posted on 06/21