http://biz.yahoo. <http://biz.yahoo.com/iw/070521/0255057.html> com/iw/070521/0255057.html MessageLabs Intelligence Targeted Attack Report: Criminal Ring Continues Exploits Monday May 21, 6:00 am ET Word Makes Comeback as Most Common Exploit Vector - NEW YORK, NY and LONDON--(MARKET WIRE)--May 21, 2007 -- MessageLabs, a leading provider of integrated messaging and web security services to businesses worldwide, today revealed new data on the levels, victims and sources of targeted email attacks in April 2007. Last month MessageLabs intercepted 595 emails in 249 separate targeted attacks aimed at 192 different organizations. Of these, 180 were one-on-one targeted attacks. These numbers represent a decrease compared to last month largely due to a drop in attacks by a Taiwanese criminal ring, "Task Briefing," using the CVE-2006-0022 PowerPoint exploit. There was also a decline in attacks using .exe files. Ninety-five percent of targeted attacks in April 2007 used Microsoft Office suite exploits. Microsoft Word has once again become the most common exploit vector, with an increase in attacks using Word documents that contain SmartTag exploit, CVE-2006-2492. These attacks increased dramatically since March 2007 from four attacks going to four single recipients to 66 attacks going to 273 recipients in April. Although PowerPoint attacks decreased in April, those attacks that were made using exploit CVE-2006-0022 were made by Taiwanese criminal gang, "Task Briefing," named for the subject line in the emails they use. The ring made six attacks this month, sending 61 emails accounting for 10 percent of all targeted emails in April, the longest of which lasted 45 hours. In March, the same gang sent 151 emails accounting for more than 20 percent of targeted attacks. "This month we saw a significant surge in documents using the CVE-2006-2492 exploit," said Alex Shipp, Senior Anti-virus Technologist, MessageLabs. "On first sight, it appears that more than one hacker ring is using this Microsoft Word exploit, and so an exploit generator kit might exist, although this has not yet been found." One additional attack using the same PowerPoint exploit but originating from an IP address in China targeting 14 Japanese email addresses suggests that there may be a second criminal ring in operation. A full report is available at http://www.messagel <http://www.messagelabs.com/Threat_Watch/Intelligence_Reports.> abs.com/Threat_Watch/Intelligence_Reports. About MessageLabs MessageLabs is a leading provider of integrated messaging and web security services, with over 15,000 clients ranging from small business to the Fortune 500 located in more than 80 countries. MessageLabs provides a range of managed security services to protect, control, encrypt and archive communications across Email, Web and Instant Messaging. These services are delivered by MessageLabs globally distributed infrastructure and supported 24/7 by security experts. This provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information. For more information, please visit www.messagelabs.com. [Non-text portions of this message have been removed] -------------------------- Want to discuss this topic? Head on over to our discussion list, [EMAIL PROTECTED] -------------------------- Brooks Isoldi, editor [EMAIL PROTECTED] http://www.intellnet.org Post message: osint@yahoogroups.com Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/osint/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/