Company Security Staffers Warned About MSUpdater Trojan
Two of the leading companies in the security industry, Zscaler and Seculert, released a joint report as a result of a thorough investigation targeting a series of attacks that attempt to stay under the radar by sending fake Microsoft Windows Update HTTP requests.
The researchers reveal that another malware, identified as MSUpdater Trojan, is participating in these targeted attacks designed to hit organizations, including government-related ones.
Disguised as a file called msupdater.exe, the Trojan takes place in these malicious operations since 2010, but experts found occurrences of similar attacks since early 2009.
Most of the attacks that drop the above mentioned malware start with a simple email that invites company employees to conferences related to their field of activity, bearing a so-called invitation file that comes in the form of a PDF attachment.
By exploiting vulnerabilities that at the time were considered to be 0-day in Adobe Reader, the msupdater.exe file is dropped on the victim system along with other malevolent elements in a highly sophisticated manner.
Once it’s dropped on a system, the Trojan communicates with a command and control server with the purpose of downloading, uploading and executing files.
Since these attacks are designed to target only firms, staffers, especially the ones that handle company security, are advised to be on the lookout for such threats and take the appropriate measures.
Currently, the emails have been identified as coming in the form of an invitation to conferences such as the IEEE Aerospace Conference, Iraq Peace Conference, Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), and others depending on the organization’s profile.
Experts warn that these types of threats are usually persistent and they’re bound to exist undetected for long periods of time.
Security solutions providers offer products that mitigate advanced persistent threats (APTs), but sound security policies are also needed to make sure the malicious elements don’t infiltrate company networks.
Disguised as a file called msupdater.exe, the Trojan takes place in these malicious operations since 2010, but experts found occurrences of similar attacks since early 2009.
Most of the attacks that drop the above mentioned malware start with a simple email that invites company employees to conferences related to their field of activity, bearing a so-called invitation file that comes in the form of a PDF attachment.
By exploiting vulnerabilities that at the time were considered to be 0-day in Adobe Reader, the msupdater.exe file is dropped on the victim system along with other malevolent elements in a highly sophisticated manner.
Once it’s dropped on a system, the Trojan communicates with a command and control server with the purpose of downloading, uploading and executing files.
Since these attacks are designed to target only firms, staffers, especially the ones that handle company security, are advised to be on the lookout for such threats and take the appropriate measures.
Currently, the emails have been identified as coming in the form of an invitation to conferences such as the IEEE Aerospace Conference, Iraq Peace Conference, Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), and others depending on the organization’s profile.
Experts warn that these types of threats are usually persistent and they’re bound to exist undetected for long periods of time.
Security solutions providers offer products that mitigate advanced persistent threats (APTs), but sound security policies are also needed to make sure the malicious elements don’t infiltrate company networks.