Hackers Use Libyan Conflict to Target Human Rights Firms

Security experts are warning of a new targeted email-based hacking attack exploiting the current unrest in Libya to infect the victim's machine and enable remote code execution.

Symantec.cloud's MessageLabs Intelligence research team spotted the suspicious emails earlier this week, noting that they were sent to 27 individuals in six organisations, all of which are involved in promoting human rights, supporting humanitarian aid or are think-tanks for foreign affairs and economic development.

In a blog post, Symantec.cloud AV operations engineer Jo Hurcombe explained that the emails, which were sent from an IP address in Romania, try to trick the recipient into thinking they come from someone internal to their organisation.

"In most cases, the email headers were spoofed to appear to come from the same domain as the recipient, a familiar social engineering technique used in so-called 'spear phishing' attacks," she wrote.

"The email itself is very simple and is designed to appear as part of a discussion about the economic stakes in Libya's current crisis, with the sender claiming to agree with points raised in the attached document."

The document in question has been crafted to look like an office document file with a DOC extension, but it is actually an RTF-formatted document containing an exploit for a known vulnerability, CVE-2010-3333: "RTF Stack Buffer Overflow Vulnerability", which is an RTF parsing vulnerability.

The exploit allows remote attackers to execute arbitrary code on the infected computer via crafted RTF data in the document, Hurcombe explained.
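For mail administrators, the two traits described above (a sender domain matching the recipient's, and an RTF file carrying a DOC extension) can be checked at the gateway. The following Python sketch is an added example, not code from Symantec.cloud or the original article; the addresses, filenames and attachment bytes are constructed sample data, and the function names are hypothetical.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"                               # every RTF file starts with this
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")       # legacy binary .doc (OLE2 container)

def sniff(data: bytes) -> str:
    """Classify attachment content by leading bytes, ignoring the filename."""
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE_MAGIC):
        return "ole-doc"
    return "unknown"

def audit_message(raw: bytes) -> dict:
    """Report same-domain sender and any .doc attachment that is really RTF."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = msg["From"].addresses[0].domain.lower()
    rcpts = {a.domain.lower() for a in msg["To"].addresses}
    mismatched = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext == "doc" and sniff(part.get_content()) == "rtf":
            mismatched.append(name)
    return {"same_domain_sender": sender in rcpts, "rtf_as_doc": mismatched}

def build_sample() -> bytes:
    """Constructed message: one RTF file named .doc, one genuine OLE .doc header."""
    msg = EmailMessage()
    msg["From"] = "colleague@ngo.example"           # constructed address
    msg["To"] = "analyst@ngo.example"               # constructed address
    msg["Subject"] = "Re: economic stakes"
    msg.set_content("I agree with the points raised in the attached document.")
    msg.add_attachment(b"{\\rtf1\\ansi harmless constructed body}",
                       maintype="application", subtype="msword",
                       filename="report.doc")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 16,
                       maintype="application", subtype="msword",
                       filename="minutes.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    print(audit_message(build_sample()))
```

A match on `rtf_as_doc` is a triage signal rather than proof of malice: it tells the scanner to treat the attachment as RTF when inspecting it, whatever the extension claims.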

The discovery comes in the same week as scammers in Ghana were found to be sending 419 emails which also seek to exploit the unrest in Libya to con the victim out of cash.
