VietNamNet Bridge – Vu Ngoc Son, Vice President of BKAV, the Vietnamese leading Internet security firm, pointed out that Microsoft’s MS12-027 has served as the most powerful weapon supporting the spyware campaigns in Vietnam.
BKAV has affirmed that a lot of intentional spyware campaigns have been deployed, aiming to the government agencies, organizations and enterprises in Vietnam.
There are two way hackers follow to launch attacks. Firstly, they steal email accounts and send malicious mails from the accounts. This means that the crimes break into VIP account of an agency by sending an email with the attached file containing malicious codes. The receiver would open the file and “paves the way” for viruses and malicious codes to penetrate their computers.
After entering the computers, the viruses would be able to steal the account information, especially VIP email, and find other important documents. They would also find other email addresses, insert malicious codes into the emails to send to VIP accounts, and other victims who could be VIP accounts’ acquaintances or colleagues.
With the second method, crimes would forge emails, send malicious mails after getting the text file with important content to seduce receivers to open the attached files.
“It is really alarming now. Most of the cases are very serious. Nearly all organizations and enterprises were once attacked,” Son said.
“The list of the email addresses used to deliver spyware includes the emails of the Ministry of Public Security, Ministry of National Defense, schools and research institutes,” he warned.
Also according to Son, the viruses exploiting the holes of Microsoft Office have been used as the weapon in the intentional spyware campaigns targeting Vietnam. 51 percent of viruses transmitted through text files were Word files (.doc), 30 percent was Excel (.xls) and 19 percent was Power Point (.ppt)
BKAV found that the hole that has been most exploited was MS12-207 which exists in all the popular Office versions (2003, 2007, 2010).
The hole is believed to be created by the carelessness of Microsoft’s programmers. The mistakes made by Microsoft’s engineers have made millions of computers suffer; they have been attacked through the very simple error.
BKAV on October 29 organized WhiteHat 2013 workshop and launched WhiteHat.vn, a forum for the white hat hackers.
WhiteHat 2013 is the first workshop of its kind organized in Vietnam, gathering 400 experts and young people who are interested in Internet security.
BKAV has expressed its worry about the lack of Internet security experts, which makes it difficult to deal with the attacks. Therefore, BKAV hopes the existence of the forum would help encourage young people to follow study to become white hat hackers. They would be the important members of the national Internet security force which is ready to respond to problems.
The white hat hackers’ forum would provide deep knowledge on Internet security, such as Reverse engineering, Malware, or website safety. On the forum, professional issues like SQL Injection, Buffer overflow would be put into regular discussions. The training courses via Internet would be organized regularly to improve the members’ knowledge.
The forum would also serve as the supporter to individuals and businesses, helping them update information and deal with the information safety problems they meet in reality.
Compiled by K. Chi