New Attacks Detected by Recently Introduced Check Point Threat Emulation Software Blade
May 2013 by Check Point
Check Point has announced the detection of evolving phishing and bot attacks by the Check Point Threat Emulation Software Blade. The new attacks used new exploit variants of vulnerability (CVE-2012-0158) to target employees at several large global organizations. By using Check Point’s new threat emulation sandboxing technology, the attacks were discovered before anti-virus signatures were made available.
The attacks started with phishing emails purporting to be from Citibank or Bank of America. The emails, which contained subject lines such as “Merchant Statement”, invite recipients to open an infected Microsoft Word attachment. Instead of a legitimate statement, the attachment contains malware that if opened, automatically executes, infects recipient computers, and renders them under the control of a larger bot network.
The malware can open network ports, steal user credentials, such as logins and passwords, and act as a self-propagating spam bot ready to execute any new attack instructions and spread malicious emails to other targets – a unique aspect of these attacks.
“Cybercriminals are constantly launching new attacks, distributing thousands of new malware variants every day,” said Dorit Dor, vice president of products at Check Point Software Technologies. “Traditional anti-virus solutions are not enough when it comes to dealing with unknown threats.”
“Organizations need a multi-layered security solution that includes Threat Emulation technology capable of detecting and preventing against new attacks and variants of existing ones. Our sandboxing technology closes the gap between the time new attacks are launched and when AV updates are made available, providing the most effective threat prevention available today.”
For more information on the attacks, please click here: www.checkpoint.com/defense/a...