(credit: Maëlick / Flickr)
A new piece of advanced espionage malware, possibly developed by a nation-supported attacker, targeted three US companies in the utilities industry last month, researchers from security firm Proofpoint reported on Thursday.
Employees of the three unnamed companies, Proofpoint reported, received emails purporting to come from the National Council of Examiners for Engineering and Surveying. This non-profit group develops, administers, and scores examinations used in granting licenses for US engineers. Using the official NCEES logo and the domain nceess[.]com, the emails said that the recipients failed to achieve a passing score on a recent exam. The attached Word document was titled Result Notice.doc.
(credit: Proofpoint)
Malicious macros embedded into the document attempted to install a package of full-featured malware Proofpoint calling LookBack. Components included a remote-access trojan written in C++ and a proxy tool for communicating with a command-and-control server. Once LookBack was installed, it gave attackers a full range of capabilities that include:
Read 8 remaining paragraphs | Comments
Read More