Malware takes aim at defence contractors

Symantec is reporting an attack on defense contractors

A sophisticated malware operation targeting defence contractors has been uncovered.

Researchers at Symantec Hosted Services said that the operation involved compromising the site of one firm and then using the hacked site to host a malware attack on another contractor.

The attack began when the first company's site was compromised and embedded with a landing page and obfuscated exploit code. The attackers then sent out a series of emails to employees of a second firm claiming that the company's chief executive had been arrested by US authorities.

When the targeted users clicked on an included link, they were directed to the compromised site of the first company, which then attempted to exploit a recently-disclosed vulnerability in the Windows Help component and infect users with an assortment of malicious software.

Symantec Hosted Services senior malware analyst Martin Lee told V3.co.uk that the sophistication and complexity of the attack was particularly noteworthy.

"This is a very professional attack by someone who really knows what they are doing," Lee said. "We see an awful lot of targeted attacks in which the malicious binary is attached to the email, and we have also seen targeted attacks that include a link to download, but what we have not seen before is hacking another company's web site – a very reputable second contractor – and hosting that binary on their site."

Malware attacks on corporate targets have been the cause of some of the biggest security stories this year. In January, news broke of a massive spyware attack known as 'Operation Aurora' that targeted more than 30 firms.

Reports of the attack and its eventual tracing back to systems in mainland China led companies to re-think their security strategy and created diplomatic tensions between the US and Beijing.