08 Dec 2010
Security experts are warning web users to be on their guard after discovering two attacks using the WikiLeaks scandal as a social engineering hook.
Symantec Hosted Services malware operations engineer Tony Millington wrote in a blog post that a new virus has been disguised as a PDF attachment named 'WikiLeaks' in a highly targeted attack aimed at a government body.
A brief sentence in the body of the email alludes to "the release of thousands of confidential US cables" and is designed to persuade the user to click on the malicious attachment to find out more.
"The email had been sent from a compromised account and, as is often the case, the social engineering didn't have a lot of thought behind it," said Millington.
"The attachment has an encrypted executable embedded in it and heavily obfuscated JavaScript designed to decode, drop and run the exe."
The malicious executable injects itself into Internet Explorer and sends encrypted data over port 80.
It's unclear as yet exactly what the malware was designed to do, although initial analysis suggests that it could enable the attacker to steal usernames and passwords.
Symantec has discovered 24 copies of the attack so far, and is recommending users install the latest version of Adobe Acrobat Reader to stay safe.
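As an added, defender-side illustration (this is not code from the article, from Symantec or from the researchers quoted), the following Python triage script scans a PDF attachment's raw bytes for the building blocks the report describes: embedded JavaScript, an action that runs automatically when the file is opened, and an embedded file that the script could drop. It also decodes `#xx` name escapes and inflates FlateDecode streams, since keyword obfuscation inside PDFs is common. The PDF byte strings, indicator names and weights are constructed for this example and are not a Symantec signature. Because the attachment Millington describes carries an encrypted executable, the plaintext "MZ" header check at the end would not fire on it; that is exactly why a heuristic like this belongs alongside, not instead of, an up-to-date reader and AV engine.

```python
import re
import zlib

# Indicator keywords and weights (author's choices for this example, not a
# vendor signature). Names are matched after '#xx' escapes are decoded so
# obfuscated spellings such as /J#61vaScript are caught too.
INDICATORS = {
    b"/JavaScript": ("embedded JavaScript", 3),
    b"/JS": ("JavaScript action", 3),
    b"/OpenAction": ("action runs automatically on open", 2),
    b"/AA": ("additional automatic action", 2),
    b"/Launch": ("launches an external program", 4),
    b"/EmbeddedFile": ("embedded file (possible dropped payload)", 2),
}

# Constructed sample 1: open action -> obfuscated JavaScript object, plus an
# embedded file whose stream starts with a DOS/PE header (unencrypted here).
SUSPICIOUS_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (eval(unescape('%75%6e%65'))) >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 8 >> stream\n"
    b"MZ\x90\x00\x03\x00\x00\x00\n"
    b"endstream endobj\n"
    b"%%EOF\n"
)

# Constructed sample 2: the JavaScript object is hidden inside a compressed
# stream, so a naive grep over the raw bytes would miss it. (/Length is
# illustrative only.)
_HIDDEN = b"<< /S /JavaScript /JS (app.alert('constructed sample')) >>"
FLATE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"5 0 obj << /Filter /FlateDecode /Length 60 >> stream\n"
    + zlib.compress(_HIDDEN)
    + b"\nendstream endobj\n%%EOF\n"
)

# Constructed sample 3: a plain document with no active content.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"%%EOF\n"
)


def _decode_name_escapes(data: bytes) -> bytes:
    """Replace #xx hex escapes in PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def _stream_bodies(data: bytes) -> list:
    """Return every stream body, raw and (where it inflates) decompressed."""
    bodies = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.DOTALL):
        body = m.group(1)
        bodies.append(body)
        try:
            # decompressobj tolerates a clipped trailer; non-zlib data raises.
            bodies.append(zlib.decompressobj().decompress(body))
        except zlib.error:
            pass
    return bodies


def scan_pdf(data: bytes) -> dict:
    """Score a PDF byte string and return the indicators found."""
    result = {"is_pdf": data.startswith(b"%PDF"), "indicators": [],
              "score": 0, "suspicious": False}
    if not result["is_pdf"]:
        return result
    bodies = _stream_bodies(data)
    text = _decode_name_escapes(b"\n".join([data] + bodies))
    for name, (desc, weight) in INDICATORS.items():
        # Lookahead stops /JS from also matching a longer name such as /JSx.
        if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", text):
            result["indicators"].append(desc)
            result["score"] += weight
    # Only an unencrypted dropper exposes its DOS/PE header in the clear.
    if any(b.startswith(b"MZ") for b in bodies):
        result["indicators"].append("stream begins with a PE/DOS header")
        result["score"] += 4
    result["suspicious"] = result["score"] >= 5
    return result


if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_PDF),
                          ("flate-hidden", FLATE_PDF),
                          ("benign", BENIGN_PDF)):
        print(label, scan_pdf(sample))
```

The threshold of 5 means a document with JavaScript but no automatic action or embedded file still scores 6 and is flagged; that is deliberate for mail-gateway triage, where a PDF carrying script from an outside sender deserves a look, but it would need tuning for an environment that uses scripted PDF forms internally.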
The security firm also warned that spammers are using the WikiLeaks saga in a more widespread campaign.
The spam email has spoofed headers and the subject line 'IRAN Nuclear BOMB!', and purports to come from WikiLeaks.org.
A malicious link in the body of the email will open a backdoor using a predetermined port and IP address, allowing an attacker to steal passwords, log keystrokes, activate and view a webcam, or even read, write and execute files on the PC.
"We caution users not to open or click on the links or attachments of emails such as these," wrote Symantec security researcher Samir Patil.
"Symantec recommends having anti-spam and anti-virus solutions installed and up to date to prevent the compromise of personal machines or networks."