Data mining virus targets public organisations

A new series of attacks levelled at organisations in the public sector began last week, as reports of emails containing the malware program Bredolab came in.

Security expert Tony Millington said that although the use of Bredolab was not obviously significant in itself, the way in which the email campaign was run did raise some questions about the intentions of its instigators.

Mr Millington said that Bredolab was more usually distributed on a massive scale to as many email accounts as possible, relying on controlled botnets for the herculean campaign. However, in this instance, Bredolab has been sent to a select group of public sector organisations, suggesting that the criminals behind the attack are attempting to harvest data contained on specific systems.

Bredolab can be modified to use various forms of trickery to encourage the recipient of the email to run the attached executable. Once the executable is run, the malware embeds itself on the user’s computer and turns off the firewall, allowing the responsible parties access to the network and giving them the chance to install many more malicious files.

Mr Millington said that in this instance, Bredolab was being used to transfer data harvesting tools to the infected PCs and at the time of its appearance, these subsequent files were identifiable by only one or two of the major anti-virus vendors. As such, the potential for further infection and data theft was significant.

IT security firms have been busy investigating the latest email-borne attacks and have established that the IP addresses from which the mail originates can be linked to several other spam campaigns which have been in operation in recent months. These IP addresses are believed to belong to PCs connected in a large botnet, unbeknownst to their users.

According to Mr Millington, the emails sent in the latest batch are worded with innocuous subject lines, containing keywords such as ‘conference’ or ‘resume’ in order to dupe the recipient into activating the attached .zip file, which will usually have the same name.
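The lure pattern described above (a keyword subject line, a .zip attachment of the same name, and an executable inside) can be screened for at the mail gateway. The following Python sketch is an added example, not part of the original article or any vendor's product; the extension list, function names and sample addresses are assumptions, and the sample message is constructed with a harmless placeholder file.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions treated as directly runnable on Windows (assumed list for this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def zip_has_executable(data: bytes) -> bool:
    """Return True if the archive lists a member with an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(EXECUTABLE_EXTS) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a readable ZIP; leave it to other controls


def flag_lure(raw: bytes) -> list:
    """Return the reasons a raw message matches the pattern described above."""
    msg = message_from_bytes(raw)
    subject_words = set(re.findall(r"[a-z0-9]+", (msg["Subject"] or "").lower()))
    reasons = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if name[:-4] in subject_words:
            reasons.append(f"attachment {name} is named after a subject word")
        if zip_has_executable(part.get_payload(decode=True) or b""):
            reasons.append(f"attachment {name} contains an executable")
    return reasons


def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Construct a harmless test message; the archive member is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = subject
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

A message that trips both checks is a strong candidate for quarantine; a name match alone is better treated as a signal for review, since legitimate mail can also name an attachment after its subject.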
