
Cyber Attackers Pose as New York Times

Targeted Email Attack Pretends to be from "Times Reader"


Symantec’s MessageLabs tells WebProNews there is a new targeted attack using emails pretending to be from the New York Times. MessageLabs Intelligence tracked the attack yesterday; the emails posed as coming from the NYT’s "Times Reader" software and hit six different domains: one public sector domain, one law firm, three chemical companies, and one online gambling company in the UK.

"The email attacks originated from Greece from IP address 83.253.67.30 (aiolos.otenet.gr)," a MessageLabs representative tells us. "MessageLabs Intelligence can’t see this being used as a botnet."


"When executed the "Times Reader Plugin.exe" uses iexplore.exe to send encrypted data over port 443 to 82.103.136.9," she continues. "It resolves to an address in Denmark, which looks like a computer on a home network. It doesn’t display anything when you run the exe, so the victim wouldn’t know they have been infected. The only indication is an iexplore.exe process running when there is no IE browser session open. It drops 2 files in the C:\windows\system32 directory as rundl32.exe and also rundl32. This dropped virus is a keylogger with rundl32 file containing what it is you are writing. After a while, the virus shuts down and deletes itself."

While the attack appears to be very targeted, it may prove to be a good idea to watch for such emails, particularly if you are a user of Times Reader.
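The host indicators quoted above, turned into a triage check as an added example (not code from MessageLabs or WebProNews). The file names, process name and remote address are the ones in the article; the snapshot layout, the `triage` function and both sample hosts are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Indicators quoted in the article. The snapshot layout is an assumption.
SYSTEM32 = PureWindowsPath(r"C:\windows\system32")
DROPPED_NAMES = {"rundl32.exe", "rundl32"}   # single "l"; the real tool is rundll32.exe
REMOTE_ENDPOINT = ("82.103.136.9", 443)

def triage(snapshot):
    """Return findings for one host snapshot (files, processes, connections)."""
    findings = []
    for raw in snapshot["files"]:
        path = PureWindowsPath(raw)          # Windows path comparison ignores case
        if path.parent == SYSTEM32 and path.name.lower() in DROPPED_NAMES:
            findings.append(("dropped_file", raw))
    # iexplore.exe with no browser window is the only visible hint described.
    hidden_ie = {p["pid"] for p in snapshot["processes"]
                 if p["name"].lower() == "iexplore.exe" and not p["has_window"]}
    for pid in sorted(hidden_ie):
        findings.append(("windowless_iexplore", pid))
    for conn in snapshot["connections"]:
        if (conn["remote_ip"], conn["remote_port"]) == REMOTE_ENDPOINT:
            kind = ("endpoint_from_hidden_ie" if conn["pid"] in hidden_ie
                    else "endpoint_connection")
            findings.append((kind, conn["pid"]))
    return findings

# Constructed sample snapshots, not data from a real host.
INFECTED = {
    "files": [r"C:\WINDOWS\system32\rundll32.exe",
              r"C:\WINDOWS\system32\rundl32.exe",
              r"C:\WINDOWS\system32\rundl32"],
    "processes": [{"pid": 1412, "name": "iexplore.exe", "has_window": False},
                  {"pid": 2200, "name": "explorer.exe", "has_window": True}],
    "connections": [{"pid": 1412, "remote_ip": "82.103.136.9", "remote_port": 443}],
}
CLEAN = {
    "files": [r"C:\WINDOWS\system32\rundll32.exe"],
    "processes": [{"pid": 900, "name": "iexplore.exe", "has_window": True}],
    "connections": [{"pid": 900, "remote_ip": "192.0.2.10", "remote_port": 443}],
}

if __name__ == "__main__":
    for name, snap in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, triage(snap))
```

Because the sample is described as deleting itself after a while, an empty result on a live host does not rule out an earlier infection; proxy or firewall logs for the port 443 destination are the more durable place to look.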

 

  • sofakingdabest

    The virus shuts down and deletes itself? Sounds fishy. Sounds like a marketing ploy to me.

  • http://ronaldredito.org/blog/ Ronald redito

    These people should be punished.
