Posted on 02/09/2007 7:54:07 PM PST by SandRat
*** IT Security Alert ***
** This is a very serious matter **
Increasingly over the past few weeks, specifically targeted social engineering attacks have been made via email messages designed to be extremely tempting to target recipients. These attacks are exploiting vulnerabilities in Microsoft Outlook and other applications to secretly plant malicious software on the targeted user's machine. The malicious software can be used to gain access to other network resources, allowing hostiles to extract proprietary data that can be extremely damaging. Malicious payloads can also lie dormant ("zombies"), to be activated in a manner that disrupts network operations during a time of crisis, impacting your ability to use your computer when needed most.
There is increasing evidence that highly-sophisticated, well-financed attackers have been hand-crafting messages to exploit social vulnerabilities of specific users. For example, attackers may be farming and exploiting user-preference data (such as a particular user's interest in NASCAR websites) to craft payloads that will have a high likelihood of being opened by that particular victim. When the email and/or attachment is opened, it will look legitimate (e.g. it may contain the purported hysterically funny video or a list of Valentine's Day jokes), but silently, in the background, a very dangerous payload is being installed.
Once compromised, a machine can also be used by hostiles to monitor network traffic or to sift through network file shares to steal data or passwords, and to monitor network traffic of other users in order to establish additional social profiles (for subsequent targeted attacks).
We are under very deliberate attack. Hostiles have much to gain by exploiting our IT resources. They are relying heavily on zero-day exploits (i.e., on malicious payloads that are not yet detected by even the most up-to-date anti-virus software signatures)... and they are counting on you to open an email just because the subject looks intriguing. Don't Be Their Fool!
Maintain the highest possible diligence.
Do not open email that is not clearly work-related.
Do not forward non-expected email to others.
Do not open attachments (even from trusted sources) unless you're *expecting* to receive an attachment from that sender. If you're not absolutely sure why someone sent you an attachment, check with them for confirmation before opening it!
Related:
http://www.freerepublic.com/focus/f-news/1781205/posts
S. Korea: Trojan Horse Attacks Originating in China - Largest in History
Sometimes I deliberately infect my PC, just to figure out how those viruses work.
The UNIX system underlying OS X was stable and secure when Richard Nixon was still in office. The feeble crapware from Microsoft will never be safe.
-ccm
Read the above post five times.
oh yea... before the internet was invented by Al Gore... ;)
What's our source on this?
Do we know if it can affect a fully patched XP machine if the user doesn't open an attachment?
Came from Corporate IT Dept.
An attack from China?
Bearing in mind that PCs are ubiquitous and will always be, I'm not sure how this post helps anything.
Furthermore, claiming that Apple is immune from the exact same sort of attack is nothing short of misplaced hubris.
My firewall gets probed from red China daily. I should have bought stock in Whois.
5.56mm
Determined to be an origination point.
Betchya one yen that America is all over China, too. :)
IBM Selectric typewriters used to be ubiquitous too. Nothing lasts forever. Microsoft will fall from its current position sooner or later.
Furthermore, claiming that Apple is immune from the exact same sort of attack is nothing short of misplaced hubris.
The main reason that this is not so is due to Microsoft's poor implementation of Administrator privileges. There are many Windows programs that still don't run except in Administrator mode, and thus there are far too many grannies, kids, office drones, and other assorted lusers running Windows as administrators. This allows rooting of your PC box from a website or an e-mail attachment without any further intervention by the luser.
In OS X and other Unix systems, by contrast, the bright line dividing super-users and regular users has been well established for decades. There are no OS X application programs that require Administrator/super-user rights, and any mucking with the system requires explicit super-user validation. A malware payload of the type discussed here would bring up a dialog box requiring the user to explicitly give a super-user's name and password before it could proceed.
-ccm