Two security companies today released a joint report describing an ongoing series of attacks against government contractors that have been occurring since at least early 2009. According to the vendors Seculert and Zscaler, attackers are sending firms phishing e-mails with fake invitations to conferences, often in the form of PDF files that exploit flaws in Adobe Reader. The file installs what the vendors call an “MSUpdater” Trojan that poses as a legitimate Windows Update process. In reality, the Trojan is a remote access tool that can steal information from a company’s network for as long as the breach remains undiscovered.
“Foreign and domestic (United States) companies with intellectual property dealing in aero/geospace and defense seem to be some of the recent industries targeted in these attacks,” the report states, without identifying specific attack targets.
from Ars Technica