Messagelabs_TargetedTrojansAnewonlinethreattobusiness

8/9/2019 Messagelabs_TargetedTrojansAnewonlinethreattobusiness

1/6

Targeted Trojans: A new onlinethreat to businesses

MessageLabs has detected an insidious new online threat to business. Find out abouttargeted trojans and how to protect yourself against them

Author: Mark Sunner, Chief Security Analyst, MessageLabs


2/6

2

Table of Contents

Introduction 3Industrial Espionage by Trojan 3Traditional protection doesnt work 3Trojan attack 3MessageLabs: Be certain 4


3/6

3

Introduction

If you were a criminal mastermind and you wanted to steal secrets from a company,the easiest way to do it is with a custom-written virus or trojan aimed at an individualin the target company. MessageLabs have seen an alarming rise in this type ofattack in recent months.

Industrial Espionage by Trojan

These attacks are still relatively few in number but their economic impact could besignificant. If you get attacked by a regular virus, it will cost you time and money toclear up and your reputation may be damaged when company computers startsending out spam email or other irritations. However, if you are attacked by atargeted trojan, your confidential information, product designs, plans, R&D data orother secrets could end up in the hands of competitors. In simple terms, itsindustrial espionage by virus.

The people behind these new attacks have also found new ways to trick people intoinstalling an email-borne trojan. (Named after the legendary Trojan horse, a trojan isa kind of computer virus that infects a computer by pretending to be a legitimateprogram or file.) They exploit new or little-known problems with Microsoft Officeapplications so the viruses are embedded in Word, Excel or PowerPoint documents.Most companies strip out attachments that look l ike applications from email butbusiness documents are commonplace attachments. This means that infected

attachments are more likely to reach users.

The attackers also use social engineering to trick people into opening the files andinfecting their computer. For example, they use data from social networking services(e.g. Facebook, Linked-In etc) and company websites. Using internet searchengines and, say, public records stored at Companies House, they can easily findout a lot about your businesss senior management. They can craft an email thatappears to come from your finance director, addressed to you by name and whichcontains a spreadsheet called Draft figures for the AGM. It would look trustworthybut could contain a trojan.

Traditional protection doesnt work

To make matters worse, custom-written, one-off trojans are likely to evadetraditional anti-virus programs. The problem is that traditional anti-virus programsrely on DNA-like signatures extracted from live viruses to prevent future attacks.Put simply, virus researchers wait for a widespread attack to develop before theycan find the antidote and distribute it.

Its like doctors rushing to administer a vaccine after the plague has claimed its firstfew victims. However, this approach doesnt prevent one-off targeted trojans. Ifpatient zero is the only patient, nobody will discover the outbreak, let alone find thevaccine.

Trojan attack

At the beginning of the year, MessageLabs predicted that it would see 20 of thiskind of emails a day. However, on the 26th of June, the company detected 514 injust two hours. This was an unprecedented increase and indicated that a newperpetrator had entered the scene.

Subject lines such as Information from the FSA, Customer Complaint or Invoicewere common. While they targeted virtually every sector; the attackers singled outthe public sector, electronics, aviation, retail, communications, f inance and militaryorganizations. Nearly all of them were targeted at board level executives, such asCEOs, CFOs and CIOs.

Your confidentialinformation,product designs,

plans, R&D dataor other secretscould end up inthe hands ofcompetitors


4/6


5/6

5

The targeted trojan problem looks set to continue. All bets are off now, saysMessageLabs Chief Security Analyst, Mark Sunner. We will definitely see moreattacks like this. With so much at stake, the only way to be certain is to chooseMessageLabs.

MessageLabs provides a highly effective and integrated set of on-demand servicesto protect, control web and email traffic so that customers can use these business-critical tools safely and productively.

MessageLabs Email & Web Security service stops threats from reaching yournetwork, delivering total protection from viruses, trojans, phishing, spyware and the

latest targeted attacks.

For a free trial, visitwww.messagelabs.com/trials/free


6/6

6

[email protected]

Freephone UK0800 917 7733

Toll free US

1-866-460-0000

EuropeHEADQUARTERS

1270 Lansdowne CourtGloucester Business ParkGloucester, GL3 4ABUnited Kingdom

T +44 (0) 1452 627 627F +44 (0) 1452 627 628

LONDON

3rd Floor40 Whitfield StreetLondon, W1T 2RHUnited Kingdom

T +44 (0) 207 291 1960F +44 (0) 207 291 1937

NETHERLANDS

Teleport TowersKingsfordweg 1511043 GR

AmsterdamNetherlands

T +31 (0) 20 491 9600F +31 (0) 20 491 7354

BELGIUM / LUXEMBOURG

Cullinganlaan 1BB-1831 DiegemBelgium

T +32 (0) 2 403 12 61F +32 (0) 2 403 12 12

DACH

Feringastrae 9

85774 UnterfhringMunichGermany

T +49 (0) 89 189 43 990F +49 (0) 89 189 43 999

MessageLabs 2007All rights reserved

AmericasAMERICAS HEADQUARTERS

512 Seventh Avenue6th FloorNew York, NY 10018USA

T +1 646 519 8100F +1 646 452 6570

CENTRAL REGION

7760 France Avenue SouthSuite 1100Bloomington, MN 55435USA

T +1 952 886 7541F +1 952 886 7498

Asia PacificHONG KONG

1601Tower II

89 QueenswayAdmiraltyHong Kong

T +852 2111 3650F +852 2111 9061

AUSTRALIA

Level 6107 Mount Street,North SydneyNSW 2060Australia

T +61 2 8208 7100F +61 2 9954 9500

SINGAPORE

Level 14Prudential Tower30 Cecil StreetSingapore 049712

T +65 62 32 2855F +65 6232 2300

Documents

Messagelabs_TargetedTrojansAnewonlinethreattobusiness