Single-victim spam attacks skyrocket

Malicious Microsoft Office documents are the weapon of choice for one-off attacks

Micro-managed attacks that consist of one e-mail targeting one person are up more than 10 times over last year's levels, a message security company said Tuesday.

These targeted attacks aim a very low number of spam messages -- more often than not just one -- at individuals working at companies or government agencies with data that criminals prize. Like spam that is blasted in massive quantities, these messages come with a malicious payload that tries to compromise the recipient's PC, usually by bundling multiple exploits against zero-day vulnerabilities or bugs that users haven't gotten around to patching.

In a report issued Wednesday, MessageLabs said it intercepted 716 messages from 249 targeted attacks last month; those attacks were aimed at 263 domains representing 216 customers.

Last year, said Alex Shipp, a MessageLabs research engineer, the company was seeing two a day on average. "Two years ago it was two attacks a week, last year two a day," he said.

Most of the attacks rely on malformed Microsoft Office documents, in particular Word and PowerPoint files, said Shipp. "They're not just using one exploit, but several" in a single malicious file, he added. Together, Office attack documents made up 84 percent of March's detected one-offs.

Those exploits are so successful, said Shipp, that one Chinese hacker gang has relied on the same two attack files since November 2006, and used the pair more than 150 times in the last five months.

Almost a fourth of March's victims were categorized by MessageLabs as Public Sector, meaning governments and governmental agencies. "All of these are data-stealing attacks," said Shipp. "They want to get information, and they all eventually use some kind of PC remote control malware to exploit the organization." Shipp declined to go into more detail, citing customer confidentiality.

Microsoft's Office suite was patched numerous times in 2006, and more fixes were released in January and February of this year for Excel and Word, respectively. PowerPoint, however, hasn't been patched since October 2006. Several PowerPoint bugs have yet to be fixed, including one acknowledged by the Microsoft Security Response Center (MSRC) last year. Because the MSRC determined that the flaw wasn't remotely exploitable, however, it decided not to release a patch.

Shipp wouldn't hazard a guess as to the PowerPoint vulnerability attackers might have exploited in March, but the MessageLabs report offered some detail. "It may be a PowerPoint record length exploit, but there are several other areas of interest in the files which may be the trigger," the report said.

While the attackers seem to be concentrated in China, their victims are scattered across the globe, said Shipp.

The MessageLabs report can be found online.

Gregg Keizer

Computerworld