Stratfor: The postman always knocks twice

February 12, 2012

by Maurizio Agazzi

Hackers send out false emails with Stratfor credentials, putting credit cards at risk

False emails with an attached file in PDF format (Portable Document Format) were received by Stratfor subscribers. The emails with the attached malware were sent to the email addresses extracted by the hackers in their attack on Stratfor on 24 December 2011. Responsibility for the attack was claimed on social networks, Twitter and YouTube, by a group of hackers that identify themselves with the signature Anonymous.

The message which incorporated the malware makes use of the old and proven strategy of deception. The subject heading of these emails was “Stratfor: Beware of false communications”; the victim is warned to be suspicious of any false communications and to protect their computer from cyber attacks by downloading free software. The minute the victim opens the URL contained in the attachment, the home page of Stratfor is opened. But the software that is downloaded is nothing other than a trojan containing spyware specialised in the theft of credit card information. But this is not all; once the computer has been infected, the trojan opens all of the backdoors of the computer, allowing remote control of the computer and downloads an entire arsenal of malware codes. At this point, the computer of the victim becomes the slave of the botnet that is controlled by the hackers and becomes the vector of IT DDOS attacks (Distributed Denial of Services). An archipelago of infected computers is able to generate controlled storms of bits that blackout the targeted server, effectively preventing the normal operation of the site.

This robotised strategy, which uses thousands of computer victims on the Internet to strike down a precise targeted server, allows the attack by the group of hackers to be enormously amplified  and effective in spite of the deployment of powerful cyber countermeasures.