French energy company targeted with faulty malware
Posted on 12.09.2012
A researcher of Norwegian security firm Norman has recently come across and analyzed a peculiar malware sample that was likely aimed at compromising computers of employees of AREVA, a French conglomerate specializing in various energy sectors.

"Samples we receive are routinely sent to automatic processing in our in-house Malware Analyzer G2 systems. I often sift through these looking for interesting details. One of the things I keep looking for is whether the sample displays information to the user," explains the researcher.

"Normal malware usually tries to be invisible. Targeted malware, on the other hand, usually arrives with a message (typically email), and so needs to pretend to have something to say."

This particular malware caught his eye because apart from the Dark Comet RAT, it also included a PDF file of a scanned printout of an internal email from AREVA-NC in La Hague in Normandy, an iTunes library file and ten images of unknown individuals in a family context.


But this is not the only peculiarity that distinguishes this attack from others. There is also the fact that even if the social engineering attempt was successful and the recipients downloaded the malware, it wouldn't work as the trojan doesn't automatically run and is misconfigured.

The researcher offered his opinion on likely attack scenarios tied to this sample, saying that it could be a test build, a botched real attack or even an attempt to confuse researchers.

"There is another theory, which I have to consider but donít know whether to laugh or cry over," says the researcher. "It is possible that the attacker has by accident included not only his 'attack files' - the AREVA PDF and the failed DarkComet Ė but somehow managed to include other files. Like for example a whole folder which may have contained his own family pictures."






Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //