Asia launches Olympic exploits at enterprise

Flame bearers relay Trojans.

A spate of Beijing Olympic phishing e-mails that install Trojans via a Microsoft Office vulnerability has been discovered.

The attacks target government and enterprise organisations through an exploit in a Microsoft Office database file, known as an MDB file, that allows remote code execution.

Subject lines include "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents".

MessageLabs senior anti-virus technologist Alex Shipp said the attack could use various file formats including 1-byte XOR keys, ROR, ROL, ADD and SUB.

"These attacks are highly targeted at organisations that have highly confidential and valuable data, such as military and government bodies," he said.

"The malicious EXE file can remain undetected for several months."

MDB files are not classified as an exploit, per se, because they rely entirely on the user to execute the attachment and are not dissimilar to rank-and-file executable code.

The files can trigger a variety of programs and macros, including ActiveX and Visual Basic for Applications (VBA) controls, which could carry malicious content.

The attachments may be better used in a social engineering attack where the malicious code purports to be business information such as financial charts.

About 13 phishing attacks targeted at the Olympic Games have been found since December last year, according to Shipp, all of which originate from a single IP address in the Asia Pacific.
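The single-byte encodings Shipp lists (XOR, ROR, ROL, ADD and SUB) can be brute-forced by a defender triaging a suspicious attachment. The scanner below is an added example, not code from MessageLabs or the original article; it assumes those encodings are used to hide an embedded EXE inside the attachment, and its function names and sample bytes are constructed for illustration.

```python
"""Scan an attachment for an executable hidden behind a single-byte encoding."""

DOS_STUB = b"This program cannot be run in DOS mode"  # text in the standard PE DOS stub


def rol(b: int, n: int) -> int:
    return ((b << n) | (b >> (8 - n))) & 0xFF


def ror(b: int, n: int) -> int:
    return ((b >> n) | (b << (8 - n))) & 0xFF


def decoders():
    """Yield (encoding, key, 256-byte decode table) for each candidate.

    SUB k equals ADD (256 - k) and ROR n equals ROL (8 - n), so XOR, ADD
    and ROL cover all five operations. XOR with key 0 is the unencoded case.
    """
    for k in range(256):
        yield "XOR", k, bytes(b ^ k for b in range(256))
    for k in range(1, 256):
        yield "ADD", k, bytes((b - k) & 0xFF for b in range(256))
    for n in range(1, 8):
        yield "ROL", n, bytes(ror(b, n) for b in range(256))


def find_encoded_exe(data: bytes) -> list:
    """Return one hit per place where a decoding reveals the DOS stub text."""
    hits = []
    for encoding, key, table in decoders():
        decoded = data.translate(table)
        pos = decoded.find(DOS_STUB)
        while pos != -1:
            # The "MZ" signature normally sits shortly before the stub text.
            mz = decoded.rfind(b"MZ", max(0, pos - 0x80), pos)
            hits.append({"encoding": encoding, "key": key,
                         "mz_offset": mz, "stub_offset": pos})
            pos = decoded.find(DOS_STUB, pos + 1)
    return hits


# Constructed sample: 64 filler bytes, then a fake PE header XORed with 0x5A.
FAKE_PE = b"MZ" + b"\x90" * 0x4C + DOS_STUB + b".\r\r\n$"
SAMPLE = b"\x00" * 64 + bytes(b ^ 0x5A for b in FAKE_PE)

if __name__ == "__main__":
    for hit in find_encoded_exe(SAMPLE):
        print(hit)
```

A key of 0x80 is reported under both XOR and ADD, because the two operations give the same result for that value.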
