French energy company targeted with faulty malware
Posted on 12.09.2012
A researcher of Norwegian security firm Norman has recently come across and analyzed a peculiar malware sample that was likely aimed at compromising computers of employees of AREVA, a French conglomerate specializing in various energy sectors.

"Samples we receive are routinely sent to automatic processing in our in-house Malware Analyzer G2 systems. I often sift through these looking for interesting details. One of the things I keep looking for is whether the sample displays information to the user," explains the researcher.

"Normal malware usually tries to be invisible. Targeted malware, on the other hand, usually arrives with a message (typically email), and so needs to pretend to have something to say."

This particular malware caught his eye because apart from the Dark Comet RAT, it also included a PDF file of a scanned printout of an internal email from AREVA-NC in La Hague in Normandy, an iTunes library file and ten images of unknown individuals in a family context.


But this is not the only peculiarity that distinguishes this attack from others. There is also the fact that even if the social engineering attempt was successful and the recipients downloaded the malware, it wouldn't work as the trojan doesn't automatically run and is misconfigured.

The researcher offered his opinion on likely attack scenarios tied to this sample, saying that it could be a test build, a botched real attack or even an attempt to confuse researchers.

"There is another theory, which I have to consider but don’t know whether to laugh or cry over," says the researcher. "It is possible that the attacker has by accident included not only his 'attack files' - the AREVA PDF and the failed DarkComet – but somehow managed to include other files. Like for example a whole folder which may have contained his own family pictures."






Spotlight

Internet Explorer vulnerabilities increase 100%

Posted on 23 July 2014.  |  Bromium Labs research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //