
A sophisticated malware operation targeting defence contractors has been uncovered.
Researchers at Symantec Hosted Services said that the operation involved compromising the site of one firm and then using the hacked site to host a malware attack on another contractor.
The attack began when the first company’s site was compromised and a landing page and obfuscated exploit code were planted on it. The attackers then sent out a series of emails to employees of a second firm claiming that the company’s chief executive had been arrested by US authorities.
When the targeted users clicked on an included link, they were directed to the compromised site of the first company, which then attempted to exploit a recently disclosed vulnerability in the Windows Help component and infect users with an assortment of malicious software.
Symantec Hosted Services senior malware analyst Martin Lee told V3.co.uk that the sophistication and complexity of the attack were particularly noteworthy.
“This is a very professional attack by someone who really knows what they are doing,” Lee said. “We see an awful lot of targeted attacks in which the malicious binary is attached to the email, and we have also seen targeted attacks that include a link to download, but what we have not seen before is hacking another company’s web site – a very reputable second contractor – and hosting that binary on their site.”
