Energy Sector Companies Assaulted with New Malware - Symantec

Security firm Symantec recently said that a new malware program is being used to explore targeted attacks against companies in the energy sector.

Symantec dubbed this program as Trojan.Laziok and it was employed in spear-phishing attacks earlier this year against companies in gas, petroleum and helium industries.

Malware researchers of Symantec say that attacks targeted companies in several countries in not only Middle East but also in India, U.S., U.K. and other countries.

The Trojan is distributed through spam emails with malicious documents which exploit a Microsoft Office vulnerability for which a patch has been there since April 2012.

Securityweek.com published news on 31st March, 2015 quoting Symantec as saying "when the user opens the Excel file attached in the email, then the exploit code is executed and if the exploit succeeds, it drops Trojan.Laziok starting the process of infection."

Once installed in the system, Laziok starts collecting configuration data of the system like installed software, GPU details and size of the RAM. If the attackers find the injected system interesting it continues to go to next stage.

Securityweek.com published a report on 31st March, 2015 quoting a blog of Christian Tripputi, Response Manager of Symantec Security, as "Once the attackers collected configuration data of the system including details about any installed antivirus software, then they infect the system with more malware. Through this attack, they distributed customized copies of Trojan.Zbot and Backdoor.Cyberat which are specifically designed for the compromised computer's profile. We found that the threats were downloaded from few servers operating in the US, Bulgaria and UK."

Symantec added: "The group masterminding the attack doesn't appear to be advanced enough because they exploited an old flaw and employed their attack to spread well-known threats which are accessible in the grey market."

ZDNet.com published news on 31st March, 2015 stating that still many people have not applied patches for very old vulnerabilities leaving themselves vulnerable to attacks of this type.

Moreover, this is not the first time that energy sector has been attacked with malware-driven campaigns because a separate campaign, nicknamed Shamoon, also exploited the energy sector with a malware payload allowing embezzlement of details before wiping systems.

» SPAMfighter News - 4/8/2015