New malware variant drives phishing attacks

Check Point : 16 May, 2013  (Technical Article)
Threat emulation technology from Check Point has identified a malware variant responsible for phishing e-mail attacks

On Friday May 10, 2013, Check Point’s Threat Emulation technology detected a phishing email attack employing then-unknown malware on several organisations’ networks. The attack exploits a vulnerability in Microsoft's Windows Common Controls, described in CVE-2012-0158. Because the new variant has a different cryptographic “hash” from the original, no anti-virus tools had detected it up to that point in time.

The attack starts with phishing emails purporting to be from Citibank or Bank of America. The emails, which contained subject lines such as “Merchant Statement”, invite recipients to open an infected Microsoft Word attachment with names such as “Statement ID 4657-345-347-0332.doc”. When opened, the attachment infects the machine with several malicious executables and places the machine under the control of a remote "botnet" command and control centre.
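The message traits described above can be matched at a mail gateway without relying on a file hash, which changes with every variant. The following is an added example, not code from Check Point or from the original article; the function names, the generalised filename pattern and the quarantine rule are assumptions, and the sample messages are constructed.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits quoted in the article; the generalised filename regex is an assumption.
SUBJECT_HINT = "merchant statement"
BRANDS = ("citibank", "bank of america")
ATTACH_RE = re.compile(r"^statement id [\d-]+\.doc$", re.IGNORECASE)


def triage(raw: bytes) -> dict:
    """Match one raw message against the lure traits the article describes."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_HINT in str(msg.get("Subject", "")).lower():
        hits.append("subject")
    if any(b in str(msg.get("From", "")).lower() for b in BRANDS):
        hits.append("claimed-sender")
    digests = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if ATTACH_RE.match(name):
            hits.append("attachment-name")
            # Record the hash for later lookup only; a new variant changes it,
            # so the verdict never depends on it.
            payload = part.get_payload(decode=True) or b""
            digests.append(hashlib.sha256(payload).hexdigest())
    # Assumed rule: hold the message when the attachment name matches and at
    # least one other trait is present.
    quarantine = "attachment-name" in hits and len(hits) >= 2
    return {"hits": hits, "quarantine": quarantine, "sha256": digests}


def sample(subject: str, sender: str, filename: str, body: bytes) -> bytes:
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.org"
    m.set_content("Please see the attached statement.")
    m.add_attachment(body, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    lure = sample("Merchant Statement", "Citibank <billing@example.net>",
                  "Statement ID 4657-345-347-0332.doc", b"constructed-variant-1")
    print(triage(lure))
```

Two messages carrying different attachment bytes produce different SHA-256 values but the same verdict, which is the gap a hash-only signature leaves open.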

The attack can successfully infect both Windows 7 and XP platforms. Additional variants are in the wild, with at least one more detected within 48 hours of the first. Check Point recommends that companies do the following:

* Ensure that the Microsoft Update described in MS12-027 has been deployed to all endpoint machines in their networks
* Educate or remind users on the risks of opening email attachments from unknown external senders

On detection by Threat Emulation, the attack information was automatically uploaded to Check Point’s ThreatCloud, which then propagated AV signatures to all Check Point customers with current AV update subscriptions.

Dorit Dor, vice president of products at Check Point Software Technologies said:  “Threat Emulation technology is capable of detecting and preventing against new attacks, and variants of existing ones.  Our sandboxing technology closes the gap between the time new attacks are launched and when AV updates are made available, providing the most effective threat prevention available today.”
