Personalized Assaults Exploit Libya Unrest: Symantec

Investigators from Symantec the security company caution that highly-personalized e-mail assaults are being launched which are exploiting the critical situation in Libya for spreading infection onto end-users' computers.

The e-mails pretend to be responses to earlier e-mails regarding Libya's present circumstance and display captions such as "Re: DISCUSSION -the final battle in Libya?" They also show a text, which states that the writer is in agreement with the said issue, but due to a formatting deficiency, one broken </html too is seen eventually.

Meanwhile, the very short message tries to trick recipients into opening an attachment named "EconomicStakes in Libya's Crisis.doc" that actually produces a file exploiting a heap-based overflow security flaw in Office Rich Text Format detected as CVE-2010-3333 that Microsoft fixed during November 2010.

Incidentally, attackers, who perform the exploitation successfully, run random malware on the affected computer, Symantec highlights, adding that in the current instance such malicious software is planted.

Recently, the MessageLabs Intelligence team of Symantec.cloud detected the dubious electronic mails as also observed that the perpetrators dispatched them to 27 persons within 6 companies that were involved in supporting humanitarian assistance; campaigning human rights; alternatively were think-tanks related to economic development and foreign affairs.

Explained Jo Hurcombe AV Operations Engineer at Symantec.cloud while writing on a blog, the e-mails that arrived through a Romania-based IP address so deceived the recipients that they thought someone from inside the organizations sent them. Generally, the sender's addresses were spoofed such that they seemed as though they originated from the domains, which the recipients themselves used. This was a much-known trick of social engineering that was typically used in spear-phishing assaults, Hurcombe blogged. V3.co.uk published this on February 26, 2011.

Worryingly, the timing of Symantec's finding coincides with that of online fraudsters across Ghana who during the end-week of February 2011 dispatched 419 e-mails that too abused the Libyan unrest for defrauding victims off their money.

Eventually, the latest incident yet again indicates online-criminals' persistent efforts towards abusing current events. Other likewise incidents, which scammers abused previously are the 2004 Asian tsunami, the Haiti quake, and the African turmoil.

Related article: Personal Security Fears Weigh On Aussies, Kiwis

» SPAMfighter News - 3/8/2011