Laziok Info-Stealer Targets Energy Firms

There's a new information stealer online -- and it's targeting energy companies. It's called Trojan.Laziok and it acts as a reconnaissance tool that allows attackers to gather information and custom tailor attack methods for each compromised computer, according to security research firm Symantec.

Symantec Security Response manager Christian Tripputi said the stolen information lets the hacker make important decisions about the next phase of the attack or stop the attack altogether.

"During the course of our research, we found that the majority of the targets were linked to the petroleum, gas and helium industries, suggesting that whoever is behind these attacks may have a strategic interest in the affairs of the companies affected," he said.

6 Best Practices

The attackers work through spam e-mails originating from the MoneyTrans.eu domain. The e-mails carry a malicious attachment packed with an exploit for the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158), Symantec reported. The exploit code is activated when a user opens the e-mail attachment.

"This vulnerability has been exploited in many different attack campaigns in the past, such as Red October," Tripputi said. "Symantec and Norton products had protection in place against these exploits at the time of the targeted attack as Bloodhound.Exploit.457 and Web Attack: Microsoft Common Controls CVE-2012-0158."

After the malware collects the information, attackers can use it to infect the computer with more malware. In a campaign Symantec researched from January to February, the attackers distributed customized copies of Backdoor.Cyberat and Trojan.Zbot. Tripputi said both are tailored for the compromised computer's profile.

Symantec offers six best practices to protect computer systems from the attack: avoid clicking on links in unsolicited, unexpected, or suspicious e-mails; avoid opening attachments in unsolicited, unexpected, or suspicious e-mails; use comprehensive security software to protect yourself from this type of attack; take a security layered approach for...
