Criminal Ring Continues Exploits - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Criminal Ring Continues Exploits

MessageLabs revealed new data on the levels, victims and sources of targeted email attacks in April 2007

NEW YORK -- MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, today revealed new data on the levels, victims and sources of targeted email attacks in April 2007. Last month MessageLabs intercepted 595 emails in 249 separate targeted attacks aimed at 192 different organizations. Of these, 180 were one-on-one targeted attacks. These numbers represent a decrease compared to last month largely due to a drop in attacks by a Taiwanese criminal ring, “Task Briefing,” using the CVE-2006-0022 PowerPoint exploit. There was also a decline in attacks using .exe files. Ninety-five percent of targeted attacks in April 2007 used Microsoft Office suite exploits.

Microsoft Word has once again become the most common exploit vector, with an increase in attacks using Word documents that contain SmartTag exploit, CVE-2006-2492. These attacks increased dramatically since March 2007 from four attacks going to four single recipients to 66 attacks going to 273 recipients in April.

Although PowerPoint attacks decreased in April, those attacks that were made using exploit CVE-2006-0022 were made by Taiwanese criminal gang, “Task Briefing,” named for the subject line in the emails they use. The ring made six attacks this month, sending 61 emails accounting for 10 percent of all targeted emails in April, the longest of which lasted 45 hours. In March, the same gang sent 151 emails accounting for more than 20 percent of targeted attacks.

“This month we saw a significant surge in documents using the CVE-2006-2492 exploit,” said Alex Shipp, Senior Anti-virus Technologist, MessageLabs. “On first sight, it appears that more than one hacker ring is using this Microsoft Word exploit, and so an exploit generator kit might exist, although this has not yet been found.”

One additional attack using the same PowerPoint exploit but originating from an IP address in China targeting 14 Japanese email addresses suggests that there may be a second criminal ring in operation.

MessageLabs Ltd.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Preparing for the Upcoming Quantum Computing Revolution
John Edwards, Technology Journalist & Author,  6/3/2021
How SolarWinds Changed Cybersecurity Leadership's Priorities
Jessica Davis, Senior Editor, Enterprise Apps,  5/26/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll