French energy company targeted with faulty malware
Posted on 12.09.2012
A researcher of Norwegian security firm Norman has recently come across and analyzed a peculiar malware sample that was likely aimed at compromising computers of employees of AREVA, a French conglomerate specializing in various energy sectors.

"Samples we receive are routinely sent to automatic processing in our in-house Malware Analyzer G2 systems. I often sift through these looking for interesting details. One of the things I keep looking for is whether the sample displays information to the user," explains the researcher.

"Normal malware usually tries to be invisible. Targeted malware, on the other hand, usually arrives with a message (typically email), and so needs to pretend to have something to say."

This particular malware caught his eye because apart from the Dark Comet RAT, it also included a PDF file of a scanned printout of an internal email from AREVA-NC in La Hague in Normandy, an iTunes library file and ten images of unknown individuals in a family context.


But this is not the only peculiarity that distinguishes this attack from others. There is also the fact that even if the social engineering attempt was successful and the recipients downloaded the malware, it wouldn't work as the trojan doesn't automatically run and is misconfigured.

The researcher offered his opinion on likely attack scenarios tied to this sample, saying that it could be a test build, a botched real attack or even an attempt to confuse researchers.

"There is another theory, which I have to consider but donít know whether to laugh or cry over," says the researcher. "It is possible that the attacker has by accident included not only his 'attack files' - the AREVA PDF and the failed DarkComet Ė but somehow managed to include other files. Like for example a whole folder which may have contained his own family pictures."






Spotlight

Android Fake ID bug allows malware to impersonate trusted apps

Posted on 29 July 2014.  |  Bluebox Security researchers unearthed a critical Android vulnerability which can be used by malicious applications to impersonate specially recognized trusted apps - and get all the privileges they have - without the user being none the wiser.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //