Attacks & vulnerabilities
IBM ISS on Document-based attacks  
June 2007   

For the past year, IBM Internet Security Systems has been following a new trend in malware: malware writers have figured out how to embed malicious code in innocuous-looking documents, such as Microsoft Office documents and PDFs, so that the code is invisible to most antivirus systems.

If you remember, about 10 years ago it was common for viruses to be attached to Office documents via macros. But once antivirus software was able to identify macros, this threat vector became pretty tame.

This new technique is different, however. Today’s malware writers embed something called "shell code" in the document, which is invisible to most antivirus systems. The code is typically designed to give criminals remote access for identity theft, botnet and espionage purposes. This is especially problematic because people today have been trained to be suspicious of documents with odd file extensions, but they inherently trust attachments with .doc, .xls, .pdf and .ppt extensions. As a result, this tactic is enjoying a very high infection rate; one phishing attack using this very technique occurred at the Department of Defense in the United States (http://www.fcw.com/article97186-12-26-06-Web).
