[SingCERT] Chinese New Year Holidays Advisory

Last Updated on Friday, 06 January 2012 17:47

 

[ Summary ]

In the past, SingCERT has received reports of an increased number of phishing scams and targeted malware campaigns that take advantage of the Chinese New Year holiday and shopping season.  Users should remain cautious when receiving unsolicited email messages that could be part of a phishing scam or targeted malware campaign.

This alert seeks to raise awareness of this kind of attack, highlight the important need for systems users and administrators to take appropriate measures to protect their data, and provide guidance on proper protective measures.

[ Description ]

The targeted emails use social engineering to appear credible, with subject lines often referring to work or other subjects that the recipient would find relevant. The sender’s email addresses are typically from free email providers such as Yahoo, Gmail, Hotmail ,etc. Spoofed sender’s addresses (e.g.SingCERT This e-mail address is being protected from spambots. You need JavaScript enabled to view it ) are specially chosen to look familiar to the recipients, eg. from a colleague or a reliable party.

We have observed two common methods being used.

Firstly, the sender may include a malicious attachment in the spoofed email, usually PDF or Microsoft Office documents. The email attachments exploit known vulnerabilities to install a Trojan on the user’s computer, when opened, allowing the perpetrator to take complete control of the system.

Alternatively, the sender may phish for sensitive information within the content of the email itself, or entice the recipient to visit a malicious Internet link. The objective of the attacker is usually to gather sensitive information such as individual identification information, banking account numbers, login credentials and passwords, or even to entice the recipient to download malicious contents.

An unwary recipient is more likely to fall prey to such attacks since the sender’s email address looks familiar.

[ Protective Measures ]

Central protective measures have been put in place.

We would like to remind users to be vigilant against such spoofed emails, by taking the following actions:

- Exercise caution when accessing unsolicited emails, especially emails from free email providers. Check the legitimacy of the sender.

- When in doubt, do not open the file attached nor access the internet link.

- Report suspicious emails to relevant departments.

- Maintain and update anti-virus software and signatures to detect malware.

- Update operating system and application software to patch vulnerabilities.

- Acrobat Reader vulnerabilities have been targeted and exploited, ensure that latest update for supported version are installed.

- Microsoft Office vulnerabilities have been targeted and exploited, ensure that Microsoft security bulletin updates are installed.

- Java vulnerabilities have been targeted and exploited, ensure that latest update for supported Java Runtime Environment (JRE) are installed.

- Be reminded to be wary of parties requesting for banking accounts, login names and passwords, or redirection to Internet links requesting for sensitive information.

 

< Prev		Next >