Critical infrastructure providers in the U.K. are being targeted in Trojan e-mail attacks designed to steal sensitive information such as passwords and documents, a national infrastructure security agency warned Thursday.
Tailored attacks against U.K. government departments, businesses and other organizations have been occurring for a significant period of time and have recently become more sophisticated, according to the National Infrastructure Security Co-ordination Centre (NISCC).
The e-mail arrives with attachments containing so-called Trojan horse viruses or links to Web sites that host Trojan files. A Trojan is an attack method in which malicious code is hidden in seemingly harmless files, and they can allow virus writers to gather information and remotely control infected machines without the owners' knowledge.
Th e-mail subject headers have been written to appeal to recipients, often referring to recent news articles, NISCC said in a briefing paper. Attacks normally focus on individuals working with commercially or economically sensitive data, it added.
The subject headers and IP addresses of the e-mail suggests they it is being sent from the Far East, NISCC said.
Over 300 U.K. government departments and businesses have been targeted in the attacks, according to anti-virus firm Sophos, which has been working with NISCC to identify the threats.
NISCC has not revealed the specific target organizations, and it is unclear whether information has already been stolen, said Sophos security consultant Carole Theriault.
However, NISCC said that machines compromised by the attacks pose a threat to the confidentiality, integrity, and availability of stored data, and can be used to launch attacks on other networks.
"They probably saw these Trojans and panicked and wanted to inform the public of it," Theriault said.
But aside from being directed at government departments, the Trojans aren't very different from e-mail threats detected by researchers every day, according to Theriault. An increasing amount of attacks target specific kinds of users, and many have the ability to steal information and open backdoor capabilities, she said.
Still, the NISCC warning could serve to make computer users more aware of the sophistication and prevalence of new types of e-mail attacks.
NISCC advised possible recipients to update their anti-virus software and educate users. It advised administrators to examine firewall logs of critical systems for anomalous IP addresses and review mail server access logs for evidence of connections from unusual IP addresses.
The agency has further information on detecting and mitigating the threats on its Web site .