Trojan e-mails suggest trend toward targeted attacks

Jaikumar Vijayan schreibt unter anderem für unsere US-Schwesterpublikation CSO Online.

A report on Trojan e-mail attacks against critical infrastructure systems in the U.K. highlights an emerging trend away from mass-mailing worms and viruses to far more targeted ones, analysts said.

The U.K."s National Infrastructure Security Co-Ordination Center Thursday released a report disclosing that more than 300 government departments and businesses were targeted by a continuing series of e-mail attacks designed to covertly gather sensitive and economically valuable information.

Unlike with phishing and mass-mailing worms, the attackers appear to be going after specific individuals who have access to commercially or economically privileged information, the report said.

The attacks involved the use of e-mails containing so-called Trojan programs or links to Web sites containing Trojan files. Once installed on a user"s system, Trojans covertly run in the background and perform a variety of functions, including collecting usernames, passwords and system information; scanning of drives; and uploading of documents and data to remote computers.

"The e-mails use social engineering to appear credible, with subject lines often referring to news articles that would be of interest to the recipient," the report said. "In fact, they are "spoofed," making them appear to originate from trusted contacts, news agencies or government departments."

The report highlights how hackers are starting to tailor their attacks and go after specific high-value targets instead of simply launching mass-mailing worms and viruses, said Mark Sunner, chief technology officer at MessageLabs Ltd., a New York-based provider of e-mail security services.

"Certainly for the last few years, what everyone perceived to be the main issue was the mass-mailing worm," Sunner said. "But there does seem to be a new trend where e-mail viruses are being created with the express intention of getting into specific organizations and planting Trojans or keystroke loggers," he said. Over the past year, MessageLabs has been intercepting a growing number of such e-mails, he said.

Another big message here is that "information theft is becoming one of the major aims of people writing these e-mail Trojans," said Richard Wang, manager of Sophos PLC, a vendor of antivirus products with offices in Lynnfield, Mass. "The vast majority of the Trojans mentioned in the NISCC paper are Trojans that are used to steal information."

But enterprises that follow long-established best practices related to e-mail security should not have a hard time dealing with these threats, said Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa.

"It doesn"t surprise me at all that these sorts of attacks are possible," Lindstrom said. Government agencies especially have lots of published e-mail addresses, he said. "Because e-mail spoofing is so simple, there is no reason not to try these attacks using phishing and other techniques," he said.

But the trend toward targeted e-mail attacks shouldn"t "bother any security professional worth his salt," Lindstrom added. Standard precautions such as updated antivirus signature, attachment filtering and antispam measures should be enough to identify and mitigate risk.