Print
Discuss
Send to friend
RSS feedsSecurity experts at Infosecurity Europe 2007 are warning of hack attacks and data theft being made easier by the use of hidden executables and a high-tech variant on the microdot spying technique.
The first attack involves planting an executable malware file in a Word document. When the document is opened it crashes the system and the malware is automatically loaded when the computer reboots.
"It is a cunning technique because antivirus software does not detect this kind of attack," said Pete Simpson, Threatlab active manager at Clearswift.
"A lot of legacy Word code is ripe for this kind of attack. It is the attack vector of choice for hostile intelligence agencies and professional criminals."
The second technique is a variant of the traditional spying method of microdotting, where information is photographed and reduced to the size of a dot and pasted into a document.
The new technique is similar, but uses text boxes in Word documents. Sensitive information can be pasted into a text box and then the box is reduced and placed in the document to resemble a punctuation mark.
But antivirus vendors are sure that existing security systems would stop the first kind of attack.
"It is a really nasty one to beat, but in the end it would fail if systems are up to date," said David Emm, technology consultant at Kaspersky Labs.
"Once the malware tries to run it would be picked up by its signature file, or by its actions being picked up by the heuristics engine."
See also:
Glass half full for some, half empty for others 25 Apr 2007
Global force to deal with a global problem, says Kaspersky 25 Apr 2007IBM warns that education is everyone's responsibility 25 Apr 2007As lucrative as class As and less chance of getting shot 25 Apr 2007
Attackers release exploit one day after Microsoft's monthly patch release 15 Feb 2007All Enterprise Security Technology
del.icio.us
Digg this
reddit!
