Trojan.Laziok – Energy Sector Targeted
April 1, 2015

A new Trojan specifically targeting the energy sector has been found.  Trojan.Laziok is being used to compromise energy sector companies in a multi-staged targeted attack.  This Trojan also acts as a reconnaissance tool, which means that it will gather information on the systems and then tailor the attack methods.

The malware first identifies the computer name, installed software, the capacity of the RAM and hard disk, CPU details, and the version of the antivirus software. This lets the attackers tailor the next stage of the attack to the specific machine, or abort the attack altogether.

Researchers found that the majority of attacks were targeted at petroleum, gas and helium industries.

As is common practice in cybercrime, the malware is introduced by way of spam emails originating from the moneytrans.eu domain, containing an exploit (see Definition) for the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158).

When the user opens the email attachment, which is an Excel file, the exploit code runs, dropping the Trojan and starting the infection process. The Trojan hides itself in the %SystemDrive%\Documents and Settings\All Users\Application Data\System\Oracle directory, creating new folders there and renaming itself with well-known file names.
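As an added defender-side example (not code from the article or from the researchers it cites), the following Python checks a file inventory for entries under the hiding directory the article names. It assumes the path separators are backslashes, expands %SystemDrive% to C: by default, and runs over a constructed sample inventory rather than real telemetry.

```python
import ntpath

# Directory the article reports Trojan.Laziok hiding in.
# Backslash separators are assumed; %SystemDrive% is expanded per host.
LAZIOK_DIR = r"%SystemDrive%\Documents and Settings\All Users\Application Data\System\Oracle"


def normalize_win_path(path: str, system_drive: str = "C:") -> str:
    """Expand %SystemDrive%, unify separators and case so paths compare reliably."""
    expanded = path.replace("%SystemDrive%", system_drive)
    # ntpath works on any OS, so this hunt can run from a Linux analysis box too.
    return ntpath.normpath(expanded).lower()


def is_under_laziok_dir(path: str, system_drive: str = "C:") -> bool:
    """True if path is the reported directory itself or anything below it.

    The trailing separator check avoids matching sibling names such as
    '...\\System\\OracleX', which a plain prefix test would flag.
    """
    target = normalize_win_path(LAZIOK_DIR, system_drive)
    candidate = normalize_win_path(path, system_drive)
    return candidate == target or candidate.startswith(target + "\\")


def find_laziok_artifacts(paths, system_drive: str = "C:"):
    """Return the inventory entries that fall under the reported directory."""
    return [p for p in paths if is_under_laziok_dir(p, system_drive)]


# Constructed sample inventory (not real data): mixed separators and case,
# one look-alike sibling directory, and one unexpanded %SystemDrive% entry.
SAMPLE_INVENTORY = [
    r"C:\Documents and Settings\All Users\Application Data\System\Oracle\svchost.exe",
    "c:/documents and settings/all users/application data/system/oracle/sub/winlogon.exe",
    r"C:\Documents and Settings\All Users\Application Data\System\OracleX\notes.txt",
    r"C:\Program Files\Oracle\readme.txt",
    r"%SystemDrive%\Documents and Settings\All Users\Application Data\System\Oracle\explorer.exe",
]

if __name__ == "__main__":
    for hit in find_laziok_artifacts(SAMPLE_INVENTORY):
        print("suspicious:", hit)
```

Feed the functions a real file listing (for example from a forensic image or an EDR export) and treat hits as a starting point for triage, since the directory alone is an indicator, not proof of infection.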

Based on the system configuration data derived from the computer, the attackers are able to customize the attack accordingly.   They will then infect the computer with additional malware such as Backdoor.Cyberat and Trojan.Zbot.

It is also reported that the attackers exploited an old vulnerability and used the attack to distribute well-known threats. This plainly shows that users have failed to apply patches for old vulnerabilities, leaving themselves open to attack. It is a boon to the attackers, who do not have to rely on advanced tools to launch a successful attack.

It can never be repeated enough: vulnerabilities in the system should be patched as soon as a patch is available. Leaving them unpatched can be likened to leaving the doors, windows or gates of your home open all the time. It is a recipe for disaster.

Recommendation

  1. DO NOT open email attachments from unknown sources or emails that appear to be legitimate but suspicious.
  2. Apply patches to plug the system vulnerabilities.

Definition

  1. Exploit – a tool designed to take advantage of a flaw in a computer system for a malicious purpose, such as installing malware.

Source

  1. Norse Corp blog