New Infections from the Latest Web Site Malware Threats

MessageLabs have Discovered That Hackers Are Exploiting the Current Credit Crunch

(27.06.08) - Tier-3, the behavioural analysis IT security specialist, says that newswire reports that recruitment sites are being used by hackers to infect users with malware and other security threats reflect the increasingly devious approach that hackers are taking.

"MessageLabs have discovered that hackers are exploiting the current credit crunch, and the fact that many senior people's careers are stagnating as a result. They are luring people with the promise of new jobs and higher salaries, but all users end up with is an infected PC or worse," said Geoff Sweeney, Tier-3's CTO.

According to Sweeney, the IT security vendors' research has uncovered a legitimate ad on a large Australian recruitment Web site that is being referenced by an RTF (rich text format) letter with an embedded Adobe PDF file.

"Internet users think the email and its associated RTF file are genuine, but they end up infecting their PCs with a Trojan that opens their machines up to remote hackers," he said.

"Problems start to occur when users click through on the Adobe PDF and wait for their screen to update. This, of course, doesn't happen, but the machine is really being infected in the back-ground," added.

Sweeney went on to say that hackers appear to be targeting senior managers and even board level executives with the emails, As a result, the recipients think the email-shot is genuine and do not suspect anything.

We have witnessed this sort of attack vector in corporations now for sometime as the combination of social engineering and stealth malware has an extremely high infection rate as it lowers both the end users guard and can bypass most antivirus and content checking systems.

"The problem with these types of infection is that they are almost impossible to stop owing to human psychology. With behavioural analysis IT security technology, however, even if the user clicks on the embedded PDF, behavioural analysis software can recognize and suspicious activity immediately," he explained.

For more on the targeted hacker recruitment emails: http://tinyurl.com/5pc8jf . (Tier-3: ra)