F-Secure - Detection Radar Fails to Identify Sophisticated Phishing Attacks

According to security company 'F-Secure', samples of well-designed targeted attacks evidently suggest that while maintaining a suspicious approach does a lot to keep up security, some particularly risky attacks might just pass users' notice.

Targeted attacks also called spear phishing attacks generally send a carefully crafted electronic message to specially selected individuals. The e-mails are well written without the usual errors and typos that normally accompany malicious e-mail campaigns. They are much fewer in number but comparatively more harmful than ordinary attacks.

For its analysis, F-Secure cited seven samples that used lures for infecting targeted persons in various organizations so that their computers could be accessed. The security vendor says that all attack codes that would plant malware on the victims' computers, but these attacks' targets remain unknown.

Among the five samples, one message uses German language and another Russian. If anybody viewed the .doc or .pdf files, he perhaps will not find anything missing. However, the good news is that although these sneaky messages might get pass users' notice, they have the chances of getting blocked if users' security software is up-to-date.

Further, targeted attacks that exploit software flaws could also be prevented if users already have security patches installed, provided the attacks chase un-patched zero-day vulnerabilities. That means it is important for users to always keep their systems up-to-date so attacks could be avoided.

The company says that till May 2009, the file format that was abused to the maximum was the PDF format. However, during 2008, F-Secure detected nearly 1,968 files in targeted attacks among which DOC i.e. Microsoft Word file was the most widely used file type representing 34.55%.

The changes seen in the popularity of file types was chiefly due to more security flaws in Adobe Reader/Acrobat compared to in Microsoft Office software, security analysts stated.

They further added that these targeted assaults had been increasing very fast everywhere. Moreover, in similar news, CPP the life support organization indicated that in UK, over 77% of people got phishing e-mails spoofing banks during June 2008-May 2009.

Related article: F-Secure Alerts against Bogus Windows Update Sites

» SPAMfighter News - 7/20/2009