Wednesday, April 1, 2015

Applications and Platforms: "‘Trojan.Laziok’ Reconnaissance Malware Targets Middle East Energy Sector"

From The Stack:
Researchers at Symantec have observed that a relatively new piece of data exfiltration software has been put to service in a winter campaign against energy companies in the Middle East.

In a blog post Symantec’s Christian Tripputi reveals that Symantec observed a ‘multi-staged, targeted attack campaign’ against energy companies around the world, between January and February this year - with a distinct emphasis on the Middle East.

Though the central malware has been dubbed 'Trojan.Laziok' by Symantec, the Laziok Trojan has in fact been identified and addressed before, with uninstall information widely available at various sites - and would appear to have been picked up as a campaign tool by as-yet unknown actors seeking sensitive information from the energy sector.

Tripputi says: “The detailed information enables the attacker to make crucial decisions about how to proceed further with the attack, or to halt the attack. During the course of our research, we found that the majority of the targets were linked to the petroleum, gas and helium industries, suggesting that whoever is behind these attacks may have a strategic interest in the affairs of the companies affected.”

The attack begins with spam emails from the moneytrans[.]eu domain. The mails contain an exploit for the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158), which is executed if the recipient opens the infected Microsoft Excel file attached to the mail....