French energy company targeted with faulty malware
Posted on 12.09.2012
A researcher of Norwegian security firm Norman has recently come across and analyzed a peculiar malware sample that was likely aimed at compromising computers of employees of AREVA, a French conglomerate specializing in various energy sectors.

"Samples we receive are routinely sent to automatic processing in our in-house Malware Analyzer G2 systems. I often sift through these looking for interesting details. One of the things I keep looking for is whether the sample displays information to the user," explains the researcher.

"Normal malware usually tries to be invisible. Targeted malware, on the other hand, usually arrives with a message (typically email), and so needs to pretend to have something to say."

This particular malware caught his eye because apart from the Dark Comet RAT, it also included a PDF file of a scanned printout of an internal email from AREVA-NC in La Hague in Normandy, an iTunes library file and ten images of unknown individuals in a family context.


But this is not the only peculiarity that distinguishes this attack from others. There is also the fact that even if the social engineering attempt was successful and the recipients downloaded the malware, it wouldn't work as the trojan doesn't automatically run and is misconfigured.

The researcher offered his opinion on likely attack scenarios tied to this sample, saying that it could be a test build, a botched real attack or even an attempt to confuse researchers.

"There is another theory, which I have to consider but donít know whether to laugh or cry over," says the researcher. "It is possible that the attacker has by accident included not only his 'attack files' - the AREVA PDF and the failed DarkComet Ė but somehow managed to include other files. Like for example a whole folder which may have contained his own family pictures."






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //