
Trend Micro worked with the Taiwan Criminal Investigation Bureau to solve a targeted attack crime

【Taipei, June 13, 2013】Trend Micro (TYO: 4704; TSE: 4704) successfully worked with the Taiwan Criminal Investigation Bureau to solve a targeted attack case involving personal data theft. The crime was committed against the Taiwan Bureau of National Health Insurance at the end of April. Using the customized analytics technology of Trend Micro, a world-leading cloud security vendor, the Taiwan Criminal Investigation Bureau (CIB) has successfully detected over 10,000 instances of the Trojan malware TROJ_GHOST.ZZXX and the backdoor malware BKDR_GHOST.ZZXX. It was a great success for both CIB and Trend Micro.

Trend Micro has identified the pattern of this case: the hackers impersonated the Taiwan Bureau of National Health Insurance and launched a customized social engineering email attack, sending a huge number of emails in the Bureau's name, each with a link to a document for the public to download. Once users click the link, they are redirected to another site and automatically download a RAR file whose title looks entirely official.

Graphic 1. The hackers initiate targeted attacks toward specific SMBs

Once users download and open the archive, they see what appears to be a .DOC file; however, it is actually an .EXE file. When this file is opened, the Trojan and backdoor malware are deployed right away. The user's PC is then forced to restart in order to unblock the gateway. From then on, the hackers are able to browse the compromised desktop, copy files from the PC, and find the next victims by using the contact list on the current victim's computer. Using this pattern, the attackers successfully stole over 10,000 pieces of personal data.

Graphic 2. After unzipping the file, there is an .exe file which looks like a .doc file.
Once the file is opened, it turns the user's computer into a public space.
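The following added example (not part of the original release or any Trend Micro tooling) shows how a mail gateway or triage script could flag an extracted archive member that presents itself as a document but is really a Windows executable. The release does not say how the file was disguised, so the checks cover common masquerading tricks as assumptions; the file names and header bytes are constructed samples.

```python
import os

PE_MAGIC = b"MZ"  # first bytes of every Windows PE executable
DOC_MAGICS = {    # headers a genuine document of that type starts with
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
    ".docx": b"PK\x03\x04",                        # ZIP container
}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
RTLO = "\u202e"  # right-to-left override: visually reverses the name's tail


def classify(name, head):
    """Return the reasons an archive member looks like a disguised executable.

    name: member file name as stored in the archive
    head: the first bytes of the extracted member
    """
    reasons = []
    stem, ext = os.path.splitext(name.lower().rstrip(" ."))
    inner_ext = os.path.splitext(stem.rstrip())[1]
    is_pe = head.startswith(PE_MAGIC)

    if ext in EXECUTABLE_EXTS and inner_ext in DOC_MAGICS:
        reasons.append("double extension")
    if ext in EXECUTABLE_EXTS and stem != stem.rstrip():
        reasons.append("padded extension")  # spaces push ".exe" out of view
    if ext in DOC_MAGICS and is_pe:
        reasons.append("PE header under document extension")
    elif ext in DOC_MAGICS and not head.startswith(DOC_MAGICS[ext]):
        reasons.append("unexpected header under document extension")
    if RTLO in name:
        reasons.append("right-to-left override in name")
    return reasons


# Constructed samples: (member name, first bytes of the member).
SAMPLES = [
    ("notice.doc.exe", b"MZ\x90\x00"),
    ("notice.doc      .exe", b"MZ\x90\x00"),
    ("notice.doc", b"MZ\x90\x00"),
    ("notice.doc", DOC_MAGICS[".doc"] + b"\x00" * 8),
    ("setup.exe", b"MZ\x90\x00"),
]


def flagged(samples):
    """Return (name, reasons) for every sample with at least one finding."""
    results = [(name, classify(name, head)) for name, head in samples]
    return [(name, reasons) for name, reasons in results if reasons]
```
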

Trend Micro also performed an advanced analysis and found that the above-mentioned backdoor malware belongs to the GHOST family. The criminal wrote the APT attack based on the Ghost malware developed by the hacker in 2009; after several rounds of testing, the malware succeeded in hiding itself from detection by security software. It has caused leakage of and damage to the financial and accounting information of SMB users. As an APT attack, it targeted the critical financial information of a significant number of SMB users. In the meantime, there is also the hidden danger of related fraud.

Furthermore, this targeted attack not only uses familiar social engineering tactics; its customized email subjects and recipient titles also make users more likely to click. Attacks of this kind happen all the time. The embedded links lead users to websites on untraceable IP addresses, so that the hackers are not detected by security software. It should be kept in mind that these kinds of attacks normally target financial and human resources personnel in SMBs, who have access to their companies' sensitive information. These employees need to pay more attention to emails that come from unknown senders and be extremely cautious with attached files.

When facing social engineering email attacks, Trend Micro suggests that SMBs and users take note of the following:

  1. Use legally licensed information security software with a filter for malware-infected email.
  2. Update the information security software regularly.
  3. Be cautious before clicking on attachments or links from unknown senders. If the reliability cannot be confirmed, it is suggested to call the sender or check their official website.
  4. Financial and human resources personnel in SMBs, who have access to their companies' sensitive information, need to pay more attention to emails that come from unknown senders and be extremely cautious with attached files.

Trend Micro works with entrepreneurs to defend enterprise information security. For SMB security, Trend Micro Worry-Free™ SMB provides a cross-platform, easy-to-manage security solution: http://apac.trendmicro.com/apac/small-business/product-security/worry-free-services/index.html

About Trend Micro

Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualised and cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.

Additional information about Trend Micro Incorporated and its products and services is available at TrendMicro.com. This Trend Micro news release and other announcements are available at http://NewsRoom.TrendMicro.com and as part of an RSS feed at www.trendmicro.com/rss. Or follow our news on Twitter at @TrendMicro.

