Cyber-criminals Employ Fear of Terrorist Strikes in Spear Phishing Campaign

The latest round of terrorist activity that has generated fear among the people worldwide has turned into a reason for cyber-criminals to attack large business houses within Canada and the Middle East through the means of spear phishing scams, published scmagazine.com, November 20, 2015.

A highly malicious part of the scam pertains to the extent obfuscation has been employed whereby the attackers have incorporated real security personnel's names along with a few legitimate attachments.

According to Lionel Payet of Symantec, the security firm observed malware-laced e-mails pretending to utilize Dubai Police Force's address from the United Arab Emirates for making the recipient believe it had official correspondence regarding the way terror attacks could be avoided.

And for making the e-mail appear authentic, the criminals put lieutenant general's name in the message the person who is chief of Dubai police as well as chief of the nation's overall security. The spear phishing e-mail has been made to appear even more authentic with the phishers inserting a lawful attachment.

Payet further blogs that there are dual attachments in the e-mail, a PDF document which isn't really malicious; however, works like a decoy document, and the other containing the malware and forming a .jar archive.

Additional examination tells there is one multi-platform RAT (remote access Trojan) being utilized named Jsocket, identified to be Backdoor.Sockrat.

Actually it's the AlienSpy RAT's developers of 2015 who have created the new Backdoor.Sockrat which facilitates a backdoor for the attacker to load content on contaminated PCs.

Disturbingly, like Internauts in UAE and Canada being targeted, spear phishing messages have also been dispatched to Internauts within Turkey and Bahrain as well as possibly to more countries in near future.

According to Associate Editor David Bisson for Tripwire Inc, spear phishing electronic mail actually creates a sense of urgency or fear in the mind of the recipient tricking him and making him download one dubious attachment, reported grahamcluley.com, November 21, 2015.

Additionally he says a security solution that's up-to-date does sufficiently to safeguard from Jsocket as well as other Trojans, while for e-mail security, it is best to leave dubious web-links and attachments as they are.

» SPAMfighter News - 11/26/2015