http://www.computerworld.com/securitytopics/security/story/0,10801,102533,00.html By Scarlet Pruitt JUNE 16, 2005 IDG NEWS SERVICE LONDON -- Critical-infrastructure providers in the U.K. are being targeted in Trojan e-mail attacks designed to steal sensitive information such as passwords and documents, a national infrastructure security agency warned today. Tailored attacks against U.K. government departments, businesses and other organizations have been occurring for a significant period of time and have recently become more sophisticated, according to the National Infrastructure Security Co-ordination Centre (NISCC). The e-mail arrives with attachments containing Trojan horse viruses or links to Web sites that host Trojan files. A Trojan horse is an attack method in which malicious code is hidden in seemingly harmless files, and they can allow virus writers to gather information and remotely control infected machines without the owners' knowledge. Th e-mail subject headers have been written to appeal to recipients, often referring to recent news articles, the NISCC said in a briefing paper. Attacks normally focus on individuals working with commercially or economically sensitive data, it added. The subject headers and IP addresses of the e-mail suggest they are being sent from the Far East, the NISCC said. More than 300 U.K. government departments and businesses have been targeted in the attacks, according to antivirus firm Sophos PLC, which has been working with the NISCC to identify the threats. The NISCC has not revealed the specific target organizations, and it is unclear whether information has already been stolen, said Sophos security consultant Carole Theriault. However, the NISCC said that machines compromised by the attacks pose a threat to the confidentiality, integrity and availability of stored data and can be used to launch attacks on other networks. "They probably saw these Trojans and panicked and wanted to inform the public of it," Theriault said. But aside from being directed at government departments, the Trojans aren't very different from e-mail threats detected by researchers every day, according to Theriault. An increasing amount of attacks target specific kinds of users, and many have the ability to steal information and open back-door capabilities, she said. Still, the NISCC warning could serve to make computer users more aware of the sophistication and prevalence of new types of e-mail attacks. The NISCC advised possible recipients to update their antivirus software and to educate users. It advised administrators to examine firewall logs of critical systems for anomalous IP addresses and review mail server access logs for evidence of connections from unusual IP addresses. The agency has further information on detecting and mitigating the threats on its Web site [1]. [1] http://www.niscc.gov.uk/niscc/index-en.html _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 16 2005 - 22:50:07 PDT