Symantec is a leading internet security software company. One of its services is identifying new software and malware threats emerging on the internet. Researchers at Symantec recently uncovered a multi-stage targeted attack campaign that implants a new information-stealing Trojan, called Trojan.Laziok, on the computers of energy companies worldwide. The focus is on the Middle East: Symantec found that one out of four targets is located in the United Arab Emirates, with ten percent each in Saudi Arabia, Kuwait and Pakistan.
Christian Tripputi, a highly sought-after Symantec security response manager, disclosed certain facts about the threat menacing petroleum, gas and helium companies. He said that during his research he found that most of the targets were petroleum, gas and helium companies, and added that the people behind the attacks had a strategic interest in the operations of the companies affected.
The attacks began with spam email sent from a domain that security software identified as moneytrans[dot]eu. The emails sent to the companies carried an attached Excel file that executed the Trojan code by exploiting an ActiveX vulnerability. This vulnerability had been used in several earlier attacks, including the Red October campaign revealed in January 2013.
If the exploit code runs successfully, it infects the computer with Trojan.Laziok. The Trojan collects system configuration data, sends it to the attackers, and then downloads additional malware, including modified versions of Backdoor.Cyberat and Trojan.Zbot.
According to Tripputi, the perpetrators behind the attack are not very advanced, which is why they used an old vulnerability to gain access to the computers and used their access to spread common threats that are easily found on the underground market. He added that many organizations had been unable to apply patches for vulnerabilities that were several years old, which left them exposed to attacks of this type.
Adam Kujawa, head of the malware detection center at Malwarebytes Labs, told us that the attack clearly shows how important it is to update essential software regularly. He remarked that the attackers used an older type of attack: the vulnerability they are exploiting is not recent, and they did not use any innovative method of infection. In reality, he commented, their attack is elementary and outdated, but for organizations that do not follow proper security procedures such as keeping their software updated, it is a tremendous problem that can cost them dearly.
Kujawa also noted that this behaviour has been seen in most malware and exploits. Even the most basic exploits probe for vulnerabilities before launching an attack, to confirm the target and make sure the attack succeeds. They also try to ensure that the attack lasts as long as possible and stays undetected.