Once again, criminal hackers are targeting a worldwide event to deposit their malicious software on victims' PCs, according to one security vendor.

Within the last six months, MessageLabs has found at least 13 new Trojan horse programs associated with e-mails bearing subjects such as "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents."

The problem is, according to a MessageLabs representative, that the hackers' e-mail messages employ an embedded Microsoft Office database file within the zipped attachment. Microsoft said in a recent security advisory that customers not running Windows Vista or Windows Server 2003 are vulnerable to allowing remote attackers to gain full access to a compromised machine.
Once the malicious code is installed, an attacker could steal personal data. MessageLabs further predicts that malicious-code writers will change formats by using 1 Byte XOR Key, Multiple XOR keys, and ROR, ROL, ADD, and SUB formats.

The e-mails, however, are not random. MessageLabs says the Trojan horses are often targeted to individuals within a specific organization in an attempt to gain access to the corporate network. This practice is known as "spear phishing."

So far, such attacks appear to be a corporate threat, as opposed to an individual threat.

Research from MessageLabs shows that while the e-mails state that they come from the International Olympic Committee in Switzerland, most have IP addressed based in Asia.



by Robert Vamosi


Original Article

This entry was posted by Sean Cannon on Wednesday, April 23. 2008 at 16:06.