Hackers Attack PowerPoint More Than Microsoft Word

A MessageLabs report also shows that hackers are forgoing widespread campaigns for targeted attacks that take aim at specific employees inside a company.
For the first time, PowerPoint has surpassed Microsoft Word as the most common exploit vector, and hackers are increasingly pinpointing their enterprise attacks, according to a report out Wednesday from MessageLabs.

There's one specific gang that's running up the numbers on PowerPoint attacks. Most of the attacks are originating from an IP address within Taiwan, the MessageLabs report noted.

The company also pointed out in its study of March messaging attacks that hackers are forgoing the traditional widespread attack for targeted attacks. Instead of spamming out hundreds of thousands of e-mails to try to trick users into divulging critical information, a hacker sends one very specific e-mail to one or two people in a specific position inside the same company.

MessageLabs reported that it discovered 249 separate targeted attacks aimed at 216 organizations in March alone. About 200 of them were one-on-one targeted attacks that comprised a single e-mail designed to infiltrate one organization, the report noted.

That's a significant increase over March 2006, when there were only one or two targeted attacks launched every day.

"The bad guys know which organizations have data worth stealing and are picking them out one by one," said Alex Shipp, senior antivirus technologist at MessageLabs, in a written statement. "These targeted attacks are highly difficult to detect as the large majority consist of a single e-mail to one individual, which means they never have antivirus signatures created by traditional antivirus software. However, if you happen to be that one company targeted, the impact could be devastating."

A report from Kaspersky Lab in February predicted that widespread worm epidemics would continue to be replaced by targeted attacks on specific companies this year.

A few years ago, major worldwide worm attacks, such as the one caused by Mytob, were a nightmare for IT managers. Worms swept across the Internet, infecting millions of computers and costing companies billions of dollars in clean-up. The threat, while still alive and well, is changing its form.

Today, managers' worries are turning to the pinpoint attacks. In February, hackers used a zero-day flaw in Microsoft Word to launch targeted attacks against a specific company. Hackers used the then-unknown vulnerability to launch an attack against two employees at the same company earlier this month. The Trojan not only focused in on one company but also specifically targeted the two victims based on what they do there.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing