By Scarlet Pruitt
JUNE 16, 2005
IDG NEWS SERVICE
LONDON -- Critical-infrastructure providers in the U.K. are being
targeted in Trojan e-mail attacks designed to steal sensitive
information such as passwords and documents, a national infrastructure
security agency warned today.
Tailored attacks against U.K. government departments, businesses and
other organizations have been occurring for a significant period of
time and have recently become more sophisticated, according to the
National Infrastructure Security Co-ordination Centre (NISCC).
The e-mail arrives with attachments containing Trojan horse viruses or
links to Web sites that host Trojan files. A Trojan horse is an attack
method in which malicious code is hidden in seemingly harmless files,
and they can allow virus writers to gather information and remotely
control infected machines without the owners' knowledge.
Th e-mail subject headers have been written to appeal to recipients,
often referring to recent news articles, the NISCC said in a briefing
paper. Attacks normally focus on individuals working with commercially
or economically sensitive data, it added.
The subject headers and IP addresses of the e-mail suggest they are
being sent from the Far East, the NISCC said.
More than 300 U.K. government departments and businesses have been
targeted in the attacks, according to antivirus firm Sophos PLC, which
has been working with the NISCC to identify the threats.
The NISCC has not revealed the specific target organizations, and it
is unclear whether information has already been stolen, said Sophos
security consultant Carole Theriault.
However, the NISCC said that machines compromised by the attacks pose
a threat to the confidentiality, integrity and availability of stored
data and can be used to launch attacks on other networks.
"They probably saw these Trojans and panicked and wanted to inform the
public of it," Theriault said.
But aside from being directed at government departments, the Trojans
aren't very different from e-mail threats detected by researchers
every day, according to Theriault. An increasing amount of attacks
target specific kinds of users, and many have the ability to steal
information and open back-door capabilities, she said.
Still, the NISCC warning could serve to make computer users more aware
of the sophistication and prevalence of new types of e-mail attacks.
The NISCC advised possible recipients to update their antivirus
software and to educate users. It advised administrators to examine
firewall logs of critical systems for anomalous IP addresses and
review mail server access logs for evidence of connections from
unusual IP addresses.
The agency has further information on detecting and mitigating the
threats on its Web site .
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.