Network World

Asia launches Olympic exploits at enterprise

By Darren Pauli, Computerworld, 04/24/2008

A spate of Beijing Olympic phishing e-mails that install Trojans via a Microsoft Office vulnerability has been discovered.

The attacks target government and enterprise organizations through an exploit involving a Microsoft Office database file, known as an MDB file, that allows remote code execution.

Subject lines include "The Beijing 2008 Torch Relay" and "National Olympic Committee and Ticket Sales Agents."

MessageLabs senior antivirus technologist Alex Shipp said the attack could use various file formats including 1-byte XOR keys, ROR, ROL, ADD and SUB.

"These attacks are highly targeted at organizations that have highly confidential and valuable data, such as military and government bodies," he said.

"The malicious EXE file can remain undetected for several months."

MDB files are not classified as an exploit, per se, because they rely entirely on the user to execute the attachment and are not dissimilar to rank-and-file executable code.

The files can trigger a variety of programs and macros, including ActiveX and Visual Basic for Applications (VBA) controls, which could carry malicious content.

The attachments may be better used in a social engineering attack where the malicious code purports to be business information such as financial charts.

About 13 phishing attacks targeted at the Olympic Games have been found since December last year, according to Shipp, all of which originate from a single IP address in the Asia Pacific.
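For mail and file scanning, the single-byte encodings named above (XOR, ROR, ROL, ADD, SUB) can be checked exhaustively. The following is an added example, not code from the article or from MessageLabs: it searches an attachment for the standard DOS stub text of a Windows executable under every such encoding. It assumes the hidden payload keeps that stub text and is encoded with one fixed key; the function names and the sample bytes are constructed for illustration.

```python
import sys
from pathlib import Path

# Text in the DOS stub of almost every Windows PE executable.
NEEDLE = b"This program cannot be run in DOS mode"


def rol(b, n):
    """Rotate an 8-bit value left by n bits."""
    return ((b << n) | (b >> (8 - n))) & 0xFF


def encodings():
    """Yield (label, byte mapping) for each candidate encoding."""
    # SUB k equals ADD (256 - k) and ROR n equals ROL (8 - n), so the ADD
    # and ROL loops cover all four of those variants.
    yield "plain", lambda b: b
    for k in range(1, 256):
        yield f"xor 0x{k:02x}", lambda b, k=k: b ^ k
        yield f"add 0x{k:02x} (sub 0x{256 - k:02x})", lambda b, k=k: (b + k) & 0xFF
    for n in range(1, 8):
        yield f"rol {n} (ror {8 - n})", lambda b, n=n: rol(b, n)


def find_hidden_pe(data):
    """Return [(label, offset)] for every encoding under which NEEDLE occurs."""
    hits = []
    for label, enc in encodings():
        # Encode the needle once instead of decoding the whole file per key.
        offset = data.find(bytes(enc(b) for b in NEEDLE))
        if offset != -1:
            hits.append((label, offset))
    return hits


def constructed_sample():
    """Constructed input: filler bytes, then a fake DOS stub XORed with 0x5a."""
    stub = b"MZ" + bytes(62) + NEEDLE + b".\r\r\n$"
    return b"\x00\x01\x00\x00Standard Jet DB\x00" + bytes(100) + bytes(b ^ 0x5A for b in stub)


if __name__ == "__main__":
    # With no file arguments, scan the constructed sample instead.
    blobs = {p: Path(p).read_bytes() for p in sys.argv[1:]} or {"sample": constructed_sample()}
    for name, data in blobs.items():
        for label, offset in find_hidden_pe(data):
            print(f"{name}: PE stub text at offset {offset} under {label}")
```

A hit means the attachment deserves manual analysis; a miss does not clear the file, since multi-byte keys or a stripped stub fall outside this check.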
