Targeted trojan attacks and industrial espionage

Alex Shipp MessageLabs

Currently our statistics show that over email we are stopping 3,000,000 items of malware a day, of which approximately 7 on average can be classified as a targeted trojan attack. This is less than 0.001% of all malware arriving by email, so should we be worried? Analysis shows that these trojans are predominantly an attempt to get data-stealing software inside an organisation, so perhaps we should.

In this paper I will run through a typical targeted attack, talk about what the attacker is trying to achieve, and how they are trying to achieve it. I will then also look at patterns and trends over the last 12 months, and try to make some predictions for the future.

I will also derive some metrics which can be used to explore if targeted attacks should be high up on a company's risk analysis awareness, even though the number of attacks is small.

VB Conferences

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘This was my first attendance at a Virus Bulletin conference and I found it extremely worthwhile - excellent speakers, good discussions, valuable networking and generally a decent educational venue.’

Poll

Who in your company is responsible for installing software patches?

Leave a comment

Malware Prevalence

Agent
Mytob
Invoice
NetSky
Suspect packers

View this month's full report

Virus Bulletin currently has 148,287 registered users.

Fighting malware and spam