Security Alert: New Targeted Malware Attack Shows Increasing Sophistication
Posted on: Friday, 15 June 2007, 13:53 CDT
Avinti, a developer of pro-active e-mail security solutions, has issued a security alert to corporate users about a new targeted attack that is addressed to the target by name and disguised as an invoice attachment from the reputable and publicly traded company Beckman Coulter, demonstrating increasing sophistication by hackers.
The e-mail contains a trojan and is spoofed to look as though it is coming from the accounting department of Beckman Coulter, a manufacturer of test and diagnostic equipment. Officials at Beckman have confirmed that the e-mail did not originate from Beckman. The malware comes in a Word document named Proforma_invoice.doc, which, when opened, contains an executable disguised as an icon that launches the malware. It can easily be mistaken for an errant invoice from a reputable company.
"Clicking on what appears as an icon in the document launches an embedded .exe that installs a browser helper object that can track the Web sites the user visits and captures any data the user types using forms through their Web browser. It also appears the bot itself communicates periodically with others in a network and possibly can be controlled from the outside for downloading new software, receiving new commands, etc.," said Dave Green, Avinti's CTO. "After we caught the malware, we ran it through a well-known testing site that scans with multiple anti-virus products and only one other anti-virus product accurately identified it as a generic Trojan," he added. "So the possibility of this getting through to a user is quite high."
Targeted attacks have recently been on the rise, with e-mail attacks disguised as being from the Better Business Bureau and the IRS being two prominent examples. The method of attack has also varied slightly in recent weeks, including use of blended threats, indicating that hackers are quickly changing techniques to evade detection.
"Given the type of personal or corporate information people type into Web browsers, the potential for damage from this Trojan is high," said Green. "The level of sophistication of the e-mail itself, the fact that the virus is well hidden to avoid detection, and the spoofing of a business transaction from a very reputable and well-known corporation to give the e-mail a high level of authenticity indicate the frightening direction in which hackers are moving."
Avinti's iSolation Server, a proactive security solution, is designed to stop stealthy, complicated threats such as zero-day malware attacks, targeted threats, blended threats, and mass variants. Its patent-pending technology complements existing security solutions by detecting threats without the use of signatures. Avinti's approach is unique because it safely observes actual behavior of potentially threatening messages, rather than relying on reactive signature-based approaches.
More details on this attack are available at www.Avinti.com.
About Avinti
Avinti is a proactive e-mail security solutions company that has taken a different approach to protecting enterprises from security threats. Avinti's iSolation Server proactively and safely blocks threats not detected by traditional security solutions. The company's investors include Sequel Venture Partners, Symantec, and vSpring Capital.
Source: Business Wire