Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    January 2014
    S M T W T F S
    « Dec   Feb »
     1234
    567891011
    12131415161718
    19202122232425
    262728293031  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for January 6th, 2014




    In late November, Microsoft revealed that a zero-day vulnerability was in use in targeted attacks against Windows XP and Server 2003 systems. From samples of the exploit examined, it has a backdoor payload that possesses sophisticated anti-analysis techniques.

    Further research of this earlier attack – discussed in the blog posts above – has revealed that the exploit was deployed via email to at least 28 embassies in a Middle Eastern capital.  The malicious payload arrived as an attachment to a blank email sent to the target embassies. The subject line of the email and the name of the attachment referred to the ongoing conflict in Syria, to induce its recipients to open the email.

    Apart from the targeting and the anti-analysis techniques, there does not appear to be other particularly unusual or unique behaviors in this attack. The anti-analysis techniques in the backdoor (detected as BKDR_TAVDIG.GUD) were designed to hide from or freeze debuggers, making analysis and attribution more difficult.

    Whoever was responsible for this attack had the means, motivation and opportunity to carry out a targeted attack across multiple targets. This suggests a level of organization and available resources beyond ordinary cybercriminals. Beyond that, we are unable to draw any other conclusions. We do not know if the embassies were indeed affected by the malware mentioned or if there are other sets of targets, only that the samples received strongly suggest that the embassies were the intended recipients.

    As part of our 2014 predictions, we mentioned that obsolescent and unpatched operating systems and applications may cause issues in the coming year. This incident highlights that problem, particularly if used in targeted attacks. Similarly, zero-days are frequently first used in targeted attacks; earlier this year another Internet Explorer zero-day was first used in targeted attacks. Malicious attachments are a favored infection vector for targeted attacks; the same technique was used to target Asia-Pacific governments and G20 meeting attendees earlier this year.

    It is also important to remember that all is not lost when it comes to defending against targeted attacks. In his paper Suggestions to Help Companies with the Fight Against Targeted Attacks, Trend Micro researcher Jim Gogolinski stated that there is much that can be done to defend a company against targeted attacks. Trend Micro also participated in the development of the guide System Design Guide for Thwarting Targeted Email Attacks along with  Japan’s Information Technology Promotion Agency (IPA), which provides in-depth strategy for helping deal with email attacks.

    For more details on various targeted attacks, as well as best practices for enterprises, you may visit our Threat Intelligence Resources on Targeted Attacks.

     
    Posted in Targeted Attacks, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice