Phishing Threats: Spear Phishing Attack Plants Trojans

Friday, February 3, 2012

Spear Phishing Attack Plants Trojans

Source: SANS NewsBites Vol. 14 Num. 010

SANS report is copied below:

" --Spear Phishing Attack Plants Trojan on Targeted Computers (February 1, 2012) A recently detected, sophisticated spear phishing attack disguises itself as conference invitations. The attack exploits unpatched flaws in Adobe Reader to place Trojans on vulnerable computers. The malware, once on the computer, manages to disguise itself as a Windows Update utility. The attack has been named MSUpdate Trojan. Researchers have evidence of similar attacks from what appears to be the same group of attackers, dating back to 2009. The Trojan steals information and sends it back to the command and control server, but the traffic is disguised as Windows Update traffic.

http://www.theregister.co.uk/2012/02/01/spear_phishing_rats/

http://www.eweek.com/c/a/Security/Trojan-Targets-Industry-Government-with-Fake-Conference-Invitations-542238/ "

No comments:

Post a Comment

Phishing Threats

Computer users receive emails from their bankers or employers, or from utility companies or other institutions or organizations they deal with or even from friends on facebook or twitter, asking for updating their personal information by clicking on links provided in the mail. They take it for granted that these are genuine mails and in good faith click on the links. The phishers who are organized criminals redirect the users to malicious websites and harvest their personal information. The users ultimately become victims to identity theft, financial frauds and even more serious crimes leading to blackmail, murder, and so on.

Phishing attacks engineered by criminals through the medium of phishing emails ultimately lead to loss of consumer confidence in online transactions that include financial transactions and social interactions through Facebook and other social networking sites.

This is an attempt to survey the phishing threat landscape, to identify the criminal groups and their modus operandi and to understand the impact of phishing on online users.