Employees of the US IT security company Websense became the target of malware after the company was taken over earlier this week by the US defense company Raytheon. The workers received an email with the subject "Welcome to join Raytheon" and an attached zip file. The zip file contains the installer of Kaspersky Anti-Virus, plus a DLL.
Once the installation was carried out, the DLL from the zip file was loaded. This DLL, however, was the malware. According to Websense this is "DLL sideloading", also known as "DLL hijacking": a well-known problem caused by the fact that some programs first search the directory they were opened from for the .dll files they need to run. An attacker can get malicious DLL files executed in this way.
According to Websense, the attack failed because the attackers in their haste had prepared a very sloppy email, without preamble, introduction or explanation. The message consisted of only two sentences, including the password to open the enclosed zip file. "Always use caution with attachments and links in an email and make sure everyone is alert during a takeover. Attackers leave no chance and one click is enough to get infected," said analyst Wang Ulysses.
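A defensive triage check for the attachment layout described above (an installer and a DLL in the same zip folder), as an added example that is not part of the original article or Websense's analysis. It classifies archive members by their PE header rather than their file name; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile
from pathlib import PurePosixPath

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit set on DLL images


def pe_kind(data):
    """Return 'dll', 'exe' or None, judged from the PE header, not the file name."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_offset + 24 > len(data) or data[pe_offset:pe_offset + 4] != b"PE\0\0":
        return None
    (flags,) = struct.unpack_from("<H", data, pe_offset + 22)  # Characteristics
    return "dll" if flags & IMAGE_FILE_DLL else "exe"


def sideload_candidates(zip_bytes, password=None):
    """Return {folder: {'exe': [...], 'dll': [...]}} for folders holding both kinds."""
    folders = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            with zf.open(info, pwd=password) as member:
                kind = pe_kind(member.read(4096))  # headers sit at the start
            if kind:
                path = PurePosixPath(info.filename)
                entry = folders.setdefault(str(path.parent), {"exe": [], "dll": []})
                entry[kind].append(path.name)
    return {f: m for f, m in folders.items() if m["exe"] and m["dll"]}


def sample_pe(is_dll):
    """Constructed minimal image: DOS header, PE signature and COFF header only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    flags = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)
    return dos + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, flags)


def build_sample_zip():
    """Constructed attachment: an EXE and a DLL side by side, plus a lone DLL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup/installer.exe", sample_pe(False))
        zf.writestr("setup/helper.dat", sample_pe(True))  # DLL under another extension
        zf.writestr("other/lone.dll", sample_pe(True))    # no EXE beside it
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()
```

Legitimate installers also ship DLLs beside their executables, so a hit is a prompt to check the DLL's signature and origin, not a verdict.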