The e-mails are socially engineered to suggest that a complaint has been filed against the recipient's organization and that the details can be found in the attachment, which is either a PDF file containing an embedded executable or a document carrying a URL that leads to the malware.
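As an added example (not from the original article or from Symantec), the following Python triage check scans an e-mailed PDF for the two lures this paragraph describes: an embedded file and an outbound URI. It also handles two evasions a practitioner runs into in this kind of attachment: the attachment dictionary hidden inside a Flate-compressed stream, and a dictionary key written with a `#xx` name escape so naive string matching misses it. The sample PDF bytes, the file name `complaint.exe` and the address `example.invalid` are constructed for the demo; the `RISKY_NAMES` set is this example's own choice, not a standard.

```python
import re
import zlib
from typing import Dict, List

# PDF dictionary keys and action types worth flagging in an e-mailed
# "complaint" PDF. This set is the example's own choice, not a standard.
RISKY_NAMES = {
    "EmbeddedFile",  # attached file stream (where a dropped executable lives)
    "Filespec",      # file specification pointing at an attachment
    "Launch",        # action that runs an external program
    "OpenAction",    # action fired automatically when the document opens
    "AA",            # additional (automatic) actions on pages/fields
    "JavaScript",    # script action
    "JS",            # script stream
    "URI",           # link out to a web site
}

NAME_RE = re.compile(rb"/([A-Za-z0-9#_.\-]+)")
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def decode_name(raw: bytes) -> str:
    """Undo PDF #xx name escapes, so /Embedded#46ile compares as EmbeddedFile."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def inflate_streams(data: bytes) -> bytes:
    """Concatenate the contents of every stream that inflates with zlib
    (FlateDecode); dictionaries hidden in object streams only appear here."""
    out: List[bytes] = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-compressed (or damaged): skip it
    return b"\n".join(out)


def scan_pdf(data: bytes) -> Dict[str, object]:
    """Flag risky names and extract URIs from the raw file plus inflated streams."""
    view = data + b"\n" + inflate_streams(data)
    names = {decode_name(m.group(1)) for m in NAME_RE.finditer(view)}
    hits = sorted(names & RISKY_NAMES)
    uris = [u.decode("latin-1", "replace") for u in URI_RE.findall(view)]
    return {"risky_names": hits, "uris": uris, "suspicious": bool(hits)}


def build_sample(malicious: bool) -> bytes:
    """Constructed, minimal PDF-like bytes for the demo (not a real sample)."""
    catalog = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R"
    if malicious:
        # Auto-fired action pointing at a download URL (hypothetical address).
        catalog += b" /OpenAction << /S /URI /URI (http://example.invalid/complaint.exe) >>"
    catalog += b" >>\nendobj\n"
    body = b""
    if malicious:
        # Attachment dictionaries hidden in a Flate-compressed stream, with the
        # key name escaped as /Embedded#46ile to dodge plain string matching.
        hidden = b"<< /Type /Filespec /F (complaint.exe) >> << /Type /Embedded#46ile >>"
        comp = zlib.compress(hidden)
        body = (b"4 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length %d >>\nstream\n"
                % len(comp)) + comp + b"\nendstream\nendobj\n"
    return catalog + body + b"%%EOF\n"


if __name__ == "__main__":
    for label, flag in (("lure-style", True), ("clean", False)):
        print(label, scan_pdf(build_sample(flag)))
```

The check is deliberately a first-pass filter: a hit on `EmbeddedFile`, `Launch` or `OpenAction` in a mail attachment justifies detonating it in a sandbox, while a `URI` hit gives the analyst the address to block. Streams using filters other than Flate (or several chained filters) are not inflated here and would need a full PDF parser.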
“These attacks are reminiscent of similar incidents that were first reported in 2007, when C-level business executives were being targeted with emails that purported to originate from the US Better Business Bureau (BBB),” said Paul Wood, cyber security intelligence manager, Symantec.
He said the new wave of attacks uses social engineering techniques similar to the 2007 attacks, although the attackers are now using considerably more advanced techniques, including server-side polymorphism, making the attacks “especially protean in nature.”
Server-side polymorphism enables the attacker to generate a unique variant of the malware for each download, in order to evade detection by traditional signature-based anti-virus software. Scripts, commonly written in PHP, run on the attacker’s Web site and generate the malicious code on the fly. “Like the Greek sea-god Proteus, the continually transforming nature of these attacks makes them very difficult to recognize and detect,” Wood said.
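To make the evasion concrete, here is an added Python model (not Symantec’s code and not the attackers’ generator) of a server-side script that hands out a differently encoded copy of the same payload on every request, next to two detection strategies: a blocklist of the delivered file’s hash, which is what signature-based scanning amounts to, and a check that strips the variable layer and compares the invariant content underneath. The wrapper format (a `PMRF` marker, a one-byte XOR key and a junk block) and the text payload are assumptions invented for this example; a real generator would not leave such a convenient fixed marker.

```python
import hashlib
import random
from typing import Dict, List, Optional, Set

# Constructed stand-in for the delivered binary. In a real campaign this
# would be the dropper; here it is plain text so the example is harmless.
PAYLOAD = b"stand-in dropper bytes: not executable, constructed for this example"

MAGIC = b"PMRF"  # hypothetical marker written by the wrapper stub (an assumption)


def serve_variant(payload: bytes, rng: random.Random) -> bytes:
    """Model of the server-side script: every request gets the same payload
    under a fresh XOR key behind a random-length block of junk bytes."""
    key = rng.randrange(1, 256)  # never 0, which would be the identity
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(8, 64)))
    body = bytes(b ^ key for b in payload)
    return MAGIC + bytes([key]) + len(junk).to_bytes(2, "big") + junk + body


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_match(sample: bytes, blocklist: Set[str]) -> bool:
    """Traditional approach: exact hash of the file as delivered."""
    return sha256(sample) in blocklist


def unwrap(sample: bytes) -> Optional[bytes]:
    """Structural heuristic: recognise the wrapper layout, skip the junk, undo
    the XOR and return the invariant inner content (None if it does not fit)."""
    header = len(MAGIC) + 3  # magic, key byte, two-byte junk length
    if not sample.startswith(MAGIC) or len(sample) < header:
        return None
    key = sample[len(MAGIC)]
    junk_len = int.from_bytes(sample[len(MAGIC) + 1:header], "big")
    body = sample[header + junk_len:]
    if not body:
        return None
    return bytes(b ^ key for b in body)


def normalized_match(sample: bytes, inner_blocklist: Set[str]) -> bool:
    """Hash what the mutation cannot change: the unwrapped content."""
    inner = unwrap(sample)
    return inner is not None and sha256(inner) in inner_blocklist


def roundtrip_ok(seed: int) -> bool:
    """Sanity check: unwrapping a served variant recovers the original payload."""
    return unwrap(serve_variant(PAYLOAD, random.Random(seed))) == PAYLOAD


def compare(n: int = 5) -> Dict[str, int]:
    """Serve n downloads and count how many each approach catches when the
    defender has only ever seen the first one."""
    rng = random.Random(2012)  # fixed seed so the run is reproducible
    variants: List[bytes] = [serve_variant(PAYLOAD, rng) for _ in range(n)]
    first = variants[0]
    hash_bl = {sha256(first)}
    inner_bl = {sha256(unwrap(first))}
    return {
        "distinct_hashes": len({sha256(v) for v in variants}),
        "caught_by_hash": sum(signature_match(v, hash_bl) for v in variants),
        "caught_by_normalized": sum(normalized_match(v, inner_bl) for v in variants),
    }


if __name__ == "__main__":
    print(compare(5))  # every download has a new hash; only the first is on the blocklist
```

With five downloads, the hash blocklist catches only the one sample it was built from, while the normalizing check catches all five. The general lesson is what the paragraph above states from the other side: against server-side polymorphism, detection has to key on something the generator does not vary, whether that is the unpacked content, the behaviour at run time, or structural traits of the wrapper, rather than on the hash of the file that happened to be served.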
Other February Symantec Intelligence Report highlights include:
Spam: In February 2012, the global ratio of spam in email traffic fell by 1.0 percentage points since January, to 68.0 per cent (1 in 1.47 emails). This continues the trend of global spam levels diminishing gradually since the latter part of 2011.
Phishing: In February, the global phishing rate increased by 0.01 percentage points, meaning that one in 358.1 emails (0.28 per cent) comprised some form of phishing attack.
E-mail-borne Threats: The global ratio of email-borne viruses in email traffic was one in 274.0 emails (0.37 per cent) in February, an increase of 0.03 percentage points since January. In February, 27.4 per cent of email-borne malware contained links to malicious Web sites, 1.6 percentage points lower than in January.
Web-based Malware Threats: In February, Symantec Intelligence identified an average of 2,305 Web sites each day harboring malware and other potentially unwanted programs, including spyware and adware, an increase of 9.7 per cent since January.
Endpoint Threats: The most frequently blocked malware in February was WS.Trojan.H, a generic cloud-based heuristic detection for files that possess characteristics of an as yet unclassified threat. Files detected by this heuristic are deemed by Symantec to pose a risk to users and are therefore blocked from accessing the computer.