honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser
Posted on: Tuesday, April 24, 2007

Cyber spies target Office files

By Byron Acohido
USA Today

SEATTLE — Cyber spies have a new secret weapon: tainted Microsoft Office files.

A rising number of cyber attacks are taking aim at specific individuals at critical government agencies and corporations — enticing them to unwittingly open a corrupted Word, Excel or PowerPoint file sent as an e-mail attachment.

Clicking on the file relinquishes control of the PC without the user's knowledge. The attacker then uses the compromised PC as a base from which to roam around the organization's internal network.

Federal agencies and defense and nuclear contractors are under assault; security firm MessageLabs says it has been intercepting a series of attacks from PCs in Taiwan and China since November.

"The bad guys know which organizations have data worth stealing and are picking them out one by one," says Alex Shipp, senior technologist at MessageLabs.

In early 2006, security experts detected one or two such attacks a week; last month, MessageLabs intercepted 716 e-mails carrying corrupted Office files aimed at 216 different agencies and companies.

Assaults are coming from China and perhaps other countries in the hunt for military, trade and infrastructure intelligence, says Alan Paller, research director at The SANS Institute, a security think tank. Their goal: strategic advantage over the United States. "The attacks are working," says Paller. "Penetrations are deep and broad."

And some attacks could be "on-demand," at the behest of companies that hire cyber gangs to pilfer data from rivals, says Righard Zwienenberg, chief researcher at Norman Data Defense Systems.

At a congressional hearing last week on cyber security, Donald Reid, a senior State Department official, described how an employee last May clicked on a Word document corrupted via a security hole for which Microsoft had no patch. A fix wasn't available until eight weeks later. Microsoft has issued 10 patches for security holes in Office programs since January 2006, including a handful delivered only after crooks began using newly discovered flaws in their attacks. The best protection: keep Office security patches updated.

The Office file attacks are "very targeted and very limited," says Mark Miller, Microsoft's director of security response.

Microsoft has been slow to patch security holes in Office programs, says Zwienenberg. "But the cyber-criminals are getting smarter and smarter," he says.