June 2005
NISCC Briefing - Targeted Trojan E-mail Attacks
ID: 00494
Ref: 455/2005
Date: 16 June 2005:10:52:54
Version: 1
Title: NISCC Briefing - Targeted Trojan E-mail Attacks
Abstract:
Title
=====
NISCC Briefing - Targeted Trojan E-mail Attacks
Detail
======
You may have seen in the UK national press articles relating to targeted
Trojan e-mail attacks at industry and government.
The articles relate to a warning that has been issued by the National
Infrastructure Security Coordination Centre as NISCC Briefing 08/2005.
The briefing can be found here:
http://www.niscc.gov.uk/niscc/docs/ttea.pdf
Key points discussed in the article:
A series of trojanised email attacks are targeting UK
Government and companies.
. The attackers' aim appears to be covert gathering and
transmitting of commercially or economically valuable
information.
. Trojans are delivered either in email attachments or through
links to a website.
. IP addresses used for sending emails and controlling trojans,
along with email header information, are often linked to the
Far-East.
. The emails employ social engineering, including use of a
spoofed sender address and information relevant to the
recipient's job or interests to entice them into opening the
documents.
. Once installed on a user machine, trojans may be used to
obtain passwords, scan networks, exfiltrate information and
launch further attacks.
. Anti-virus software and firewalls do not give complete
protection. Trojans can communicate with the attackers
using common ports (e.g. HTTP, DNS, SSL) and can be
modified to avoid anti-virus detection.