Nitro Attackers Keep Aiming at Chemical Companies Online

Security researchers from Symantec the security company state that despite their paper released at October 2011 end regarding the alleged Nitro assaults, which tried stealing the chemical manufacturing sector's secrets, a December 12, 2011 released paper notes that the identical cyber-thieves continue to be active.

Essentially the hackers' mode-of-theft from the chemical companies remains unchanged. Thus, they continue to use the identical tactics of social engineering i.e. dispatch harmful spam mails.

Moreover, these new attacks are interesting in that the cyber-criminals utilize Symantec's own e-threats study for duping victims. A particular electronic mail, which Symantec intercepted, had been created to cunningly seem like it was dispatched from its unit that provided technical support as also cautioned recipients about several business PCs that had been contaminated with malicious software.

The fake e-mail asserted that Symantec released one special malware eliminating program with which consumers could scan their computers. There was also one attached 7-Zip archive provided named the_nitro_attackspdf.7z which had one malevolent .exe file along with copy of the initial Nitro report by Symantec.

Furthermore according to Symantec, the attackers while making their e-mail appear somewhat authentic, actually dispatched one file to end-users, which depicted the very operation they executed. For, the .exe document represented one fresh version of the familiar backdoor Trojan namely Poison Ivy, the company notes. PCWorld published this, December 13, 2011.

Subsequently, remarking about the above fresh attacks, Gavin O'Gorman and Tony Millington, researchers at Symantec stated that even with the whitepaper's release, the hackers' gang kept on doing their activities without check. They continued to utilize the identical attack methods as also the identical ISP that hosted the services of their C&C infrastructures, they explained. Softpedia.com published this on December 13, 2011.

Hence, owing to the said attacks, Symantec stopped all incoming e-mails of the above offensive kind, while got the ISPs supporting the command-and-control infrastructures to shut the servers down.

Incidentally, Symantec's new research paper coincides with the time-period when IT specialists during the recent Doha-held "World Petroleum Conference" discussed the rise in Internet assaults within the IT sector assaults that were commercially as well as criminally motivated.

» SPAMfighter News - 12/22/2011