Malware targets Olympic emails
By Brian Turner
April 27, 2008
MessageLabs has reported that it has identified at least thirteen different Olympic-themed attacks, using email to try to fool users into downloading trojans.
With legitimate-sounding email subject lines such as “The Beijing 2008 Torch Relay” and “National Olympic Committee and Ticket Sales Agents”, some attacks purport to be from the International Olympic Committee, based in Lausanne, Switzerland. In reality, all but one attack was sent from IP addresses within Asia Pacific.
In these instances, Microsoft Office Database (MDB) files, usually hidden within a ZIP file, are one of the latest formats to be used. Once the MDB file has been downloaded, the MDB exploit drops an EXE file to disk and steals data. MessageLabs predicts that in the coming year hackers will vary their use of formats even further, with 1-byte XOR key, multiple XOR key, and ROR, ROL, ADD and SUB formats to be exploited.
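A defender-side illustration of how thin that cover is, added here and not taken from MessageLabs or the article: assuming these encodings are applied byte by byte to the EXE embedded in the document (the article does not spell this out), the scanner below searches for the standard DOS stub text under every 1-byte XOR, ADD/SUB and ROL/ROR transform and under short repeating XOR keys. The sample bytes, the key and all function names are constructed for the example.

```python
MARKER = b"This program cannot be run in DOS mode"  # DOS stub text in most PE files

def rol(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def single_byte_encodings():
    """All 1-byte encodings: SUB k is ADD (256-k), ROR n is ROL (8-n)."""
    for k in range(1, 256):
        yield f"XOR 0x{k:02x}", lambda b, k=k: b ^ k
        yield f"ADD 0x{k:02x}", lambda b, k=k: (b + k) & 0xFF
    for n in range(1, 8):
        yield f"ROL {n}", lambda b, n=n: rol(b, n)

def find_multibyte_xor(blob, max_len=8):
    """A repeating key of length L cancels out of c[i]^c[i+L]; search there."""
    for L in range(2, max_len + 1):
        diff = bytes(a ^ b for a, b in zip(blob, blob[L:]))
        needle = bytes(a ^ b for a, b in zip(MARKER, MARKER[L:]))
        off = diff.find(needle)
        if off == -1:
            continue
        key = bytearray(L)
        for i in range(L):  # key is indexed by absolute file offset mod L
            key[(off + i) % L] = blob[off + i] ^ MARKER[i]
        if len(set(key)) > 1:  # constant key = plain or 1-byte XOR case
            return [(f"XOR key {key.hex()}", off)]
    return []

def find_hidden_exe(blob):
    """Return (encoding, offset) for each encoding under which MARKER appears."""
    hits = [("plain", blob.find(MARKER))] if MARKER in blob else []
    for name, enc in single_byte_encodings():
        off = blob.find(bytes(enc(b) for b in MARKER))
        if off != -1:
            hits.append((name, off))
    return hits + find_multibyte_xor(blob)

# Constructed sample: filler bytes, then a minimal fake DOS header and stub text.
SAMPLE = bytes(range(64)) + b"MZ" + bytes(76) + MARKER + b".\r\r\n$"
KEY = bytes.fromhex("1337c0de")  # constructed key, not from any real sample

if __name__ == "__main__":
    cases = {
        "xor-1": bytes(b ^ 0x5A for b in SAMPLE),
        "rol-3": bytes(rol(b, 3) for b in SAMPLE),
        "xor-4": bytes(b ^ KEY[i % 4] for i, b in enumerate(SAMPLE)),
    }
    for label, blob in cases.items():
        print(label, find_hidden_exe(blob))
```

A hit in a database or document attachment means an executable is embedded in a file type that has no reason to carry one, which is grounds to quarantine the message regardless of which encoding was used.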
The attacks are reported to show an increased level of personalisation, targeting named individuals in an attempt to compromise the networks they are working with.
According to Alex Shipp, MessageLabs Senior Anti Virus Technologist, these attacks are principally aimed at military and government bodies, and are probably a direct attempt to access sensitive data in a very targeted way.
While the sending of malware via emails, theming email titles on current events, and targeting these at official bodies is nothing new, it is the degree of sophistication used that makes the more recent attacks stand out.
Using social engineering techniques in order to directly target specific individuals suggests a clear agenda behind these attacks.
According to MessageLabs, all of the emails originate from IP addresses within the Asia Pacific region.

