[ISN] U.K. government is target in e-mail attacks

From: InfoSec News (isn@private)
Date: Thu Jun 16 2005 - 22:45:32 PDT


http://www.computerworld.com/securitytopics/security/story/0,10801,102533,00.html

By Scarlet Pruitt
JUNE 16, 2005 
IDG NEWS SERVICE

LONDON -- Critical-infrastructure providers in the U.K. are being 
targeted in Trojan e-mail attacks designed to steal sensitive 
information such as passwords and documents, a national infrastructure 
security agency warned today. 

Tailored attacks against U.K. government departments, businesses and 
other organizations have been occurring for a significant period of 
time and have recently become more sophisticated, according to the 
National Infrastructure Security Co-ordination Centre (NISCC). 

The e-mail arrives with attachments containing Trojan horse viruses or 
links to Web sites that host Trojan files. A Trojan horse is an attack 
method in which malicious code is hidden in seemingly harmless files, 
and they can allow virus writers to gather information and remotely 
control infected machines without the owners' knowledge. 

Th e-mail subject headers have been written to appeal to recipients, 
often referring to recent news articles, the NISCC said in a briefing 
paper. Attacks normally focus on individuals working with commercially 
or economically sensitive data, it added. 

The subject headers and IP addresses of the e-mail suggest they are 
being sent from the Far East, the NISCC said. 

More than 300 U.K. government departments and businesses have been 
targeted in the attacks, according to antivirus firm Sophos PLC, which 
has been working with the NISCC to identify the threats. 

The NISCC has not revealed the specific target organizations, and it 
is unclear whether information has already been stolen, said Sophos 
security consultant Carole Theriault. 

However, the NISCC said that machines compromised by the attacks pose 
a threat to the confidentiality, integrity and availability of stored 
data and can be used to launch attacks on other networks. 

"They probably saw these Trojans and panicked and wanted to inform the 
public of it," Theriault said. 

But aside from being directed at government departments, the Trojans 
aren't very different from e-mail threats detected by researchers 
every day, according to Theriault. An increasing amount of attacks 
target specific kinds of users, and many have the ability to steal 
information and open back-door capabilities, she said. 

Still, the NISCC warning could serve to make computer users more aware 
of the sophistication and prevalence of new types of e-mail attacks. 

The NISCC advised possible recipients to update their antivirus 
software and to educate users. It advised administrators to examine 
firewall logs of critical systems for anomalous IP addresses and 
review mail server access logs for evidence of connections from 
unusual IP addresses. 

The agency has further information on detecting and mitigating the 
threats on its Web site [1]. 

[1] http://www.niscc.gov.uk/niscc/index-en.html



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com 



This archive was generated by hypermail 2.1.3 : Thu Jun 16 2005 - 22:50:07 PDT