Windows Update Trojan Hits Government Contractors

Here’s something that most of us around DC have to worry about … either directly or indirectly through our enterprise users. First it was a spiked PDF document disguised as a CFP. A few days later it was a list of conference attendees in a booby-trapped ZIP file. Now it’s back to malicious PDF files that install a Trojan that mimics Windows Update. Seculert and Zscaler describes this most recent threat in their “The MSUpdater Trojan and Ongoing Targeted Attacks” report they released a few days ago. The paper describes how attackers continue to target government contractors with the goal of stealing sensitive information using complex and difficult to detect Trojans that gain backdoor access to systems. Ah … the fight goes on.

via myce.com

A joint report was just released that details attacks that have been targeted at government contractors since 2009. The attacks involve phishing emails under the guise of inviting people to conferences.

The report by Seculert and Zscaler, details that the phishing emails contain PDFs that when opened exploit Adobe Reader flaws. These files then install an “MSUpdater” trojan, which does a very good job of posing as a legitimate Windows Update process. What really happens is that the trojan provides backdoor access into the network, giving the attackers unfettered access to very sensitive files, for as long as the trojan remains active.

The report states, “Foreign and domestic (United States) companies with intellectual property dealing in aero/geospace and defense seem to be some of the recent industries targeted in these attacks.” The report does not detail exactly which companies have been involved.

Continued here.

#####

Please let us know what you think. What controls could the government use to mitigate this threat? Today’s post image is from MyAntiSpyware.com.