New advanced malware, possibly nation sponsored, is targeting US utilities

by Dan Goodin from Ars Technica - All content on (#4MEZZ)

A new piece of advanced espionage malware, possibly developed by a nation-supported attacker, targeted three US companies in the utilities industry last month, researchers from security firm Proofpoint reported on Thursday.

Employees of the three unnamed companies, Proofpoint reported, received emails purporting to come from the National Council of Examiners for Engineering and Surveying. This non-profit group develops, administers, and scores examinations used in granting licenses for US engineers. Using the official NCEES logo and the domain nceess[.]com, the emails said that the recipients failed to achieve a passing score on a recent exam. The attached Word document was titled Result Notice.doc.


Malicious macros embedded in the document attempted to install a package of full-featured malware that Proofpoint is calling LookBack. Components included a remote-access trojan written in C++ and a proxy tool for communicating with a command-and-control server. Once LookBack was installed, it gave attackers a full range of capabilities that include:
