To get a sense of just how advanced some malware-based espionage campaigns have become, consider one recently perpetrated against Digital Bond, a security consultancy that specializes in safeguarding computer systems used to control dams, gasoline refineries, and other critical infrastructure against attack.
A recently sent e-mail addressed a Digital Bond employee by name and used an account that was registered to appear as if it belonged to Dale Peterson, the company's founder and CEO. According to a blog post published late last week, it made reference to a paper Peterson co-authored in 2009 and asked the employee to click on a Web link that led to a compressed file stored on a compromised server. Malicious code in the file installs a remote backdoor on end-user machines. It was detected by only seven of 42 antivirus products. That suggests the trojan hadn't circulated widely before it was unleashed on Digital Bond, presumably to tap its employees' expertise in the security of ICS, or industrial control systems.
"It's a bit concerning that a company whose sole focus is securing industrial control systems should be spear phished," wrote Reid Wightman, another Digital Bond researcher. "The attacker clearly went to enough trouble to try to understand ICS security lingo to get the employee to open the link, and had to compromise a DNS server."