The run-up to the Beijing Olympics has been anything but smooth, with global protests marring the festivities. While police battle the protestors and athletes battle each other, CIOs are engaged in another battle: with hackers using the Olympics as a guise for digital attacks.

safety measure experts at MessageLabs, which scans e-mail messages for hostile composition and provides Web protection services, have found more than a dozen Olympic-themed attacks by the past six months, targeting different industries with Trojan attachments that could allow the attacker to conduct corporate espionage. These e-mail attacks have realistic and legitimate-sounding names, such as The Beijing 2008 Torch Relay, and purport to be from the universal Olympic Committee in some cases, although most originate in Asia.

New Attack Vectors

It’s not new to say that e-mail attacks contain Trojans. What’s new is the latest shift to delivering a malicious payload without being detected by antivirus programs, said Mark Sunner, chief safety

measure analyst at MessageLabs. “The file that was infected with the Trojan was an Access database (.mdb) file,” Sunner said. “Throughout the instance MessageLabs has been intercepting targeted Trojans, nearly all of them have been inside Microsoft Word documents using the vulnerabilities within those file types.”

But as those vulnerabilities have been fixed, the attackers have exhausted their options with Word documents and have moved on to new types of Microsoft files. Sunner said exploits within these file types are much less likely to be detected by traditional antivirus engines.

The evidence shows that the attacks were successful. While MessageLabs won’t say who the target was, Sunner told us that “the social engineering in that attack has been so precise that the target passed the malicious e-mail on to others. It marks the first date that such an outcome was intended by the attackers.”

Hacker 3.0

Targeted attacks…

Orginal post by Top Tech News