Malicious attachments on the Libyan crisis

From Symantec they disclose a attack targeting 6 organizations involved with human rights, the victims received emails with a malicious attachment that simulated being sent by another person in the organization:

As you can see the attachment appears to be a Word document with information on the Libyan crisis, in fact it is a document in RTF format which exploits a known vulnerability in Microsoft Office (CVE-2010-3333), if the file is opened with an unpatched version the system can be infected with any kind of malware.

These types of attacks are called spear phishing, malicious emails are sent to several employees of the same company falsifying the sender's address for that of another employee, in this way the victims believe that it is a legitimate email.

The technique requires prior research to obtain information about the target and collect emails, but this is a simple thing to do with programs -example La Foca and Maltego-, social networks and even Google itself.

The best way to avoid these attacks is to be careful when opening unexpected attachments, although they seem to be sent by the bossIt is best to ask him or make sure he is actually sharing a document.

Generally, in custom attacks, the malicious codes used are tailored to each target, making it difficult for antivirus scanners to detect.

See also: Hello, I am a journalist and I want to interview you… I am attaching the questions.