AlienVault Describes Sykipot Malware Assaults in Detail
Investigators from AlienVault, a security company, have just explained how malware assaults using Sykipot have evolved.
The experts say that the Sykipot assaults took advantage of several 0-day vulnerabilities over recent years, with the security flaws affecting Microsoft's Internet Explorer (IE), Adobe's Flash Player and Adobe's Reader.
Director Jaime Blasco of AlienVault Labs said that earlier, the majority of the malware assaults his organization identified in connection with Sykipot involved spear phishing e-mails with attached files that exploited security flaws in Adobe's PDF, Adobe's Flash, Microsoft Office and occasionally IE. Securityweek.com published this in news on March 21, 2013.
Blasco further said that over the past 8-10 months, AlienVault had observed that the spear phishing scams, rather than containing attachments, carried a web-link, and that these had grown in number. When a victim followed such a web-link, it enabled the attackers to exploit flaws in Java, IE and so on to gain access to affected systems.
Elaborating on 4 Sykipot scams dating from summer 2012, Blasco says that the first one exploited an IE flaw and was associated with a phishing attack on charge cards of the United States government. The attacks enticed victims into opening a malicious website, which reportedly spoofed GSA SmartPay's website. Infosecurity-magazine.com published this in news on March 22, 2013.
During September 2012, the phishers unleashed a scam that used a separate IE flaw, whereas during August 2012, another scam used a Java flaw. At that time the criminals used a 'typo-squat' domain, namely slashdoc.org. Apparently, the Metasploit edition of the exploit had been used, remarks Blasco. When people accessed slashdoc.org, they downloaded the Java 0-day attack code, and those who were susceptible got the malware.
The last Sykipot scam was reported only some weeks back. It was aimed at Japan and used the identical attack code edition as the one reported during the 3rd week of March 2013 that targeted Tibetan as well as Uyghur activists. The scam aimed at Japan used a malicious PDF attachment in spear phishing e-mails and was seemingly devised to target the Health, Labour and Welfare ministry of Japan.
» SPAMfighter News - 30-03-2013