Laziok Trojan Attacking Energy Companies World-Wide

Security researchers at Symantec have discovered a reconnaissance tool called Laziok.  Laziok reports information about an infected computer, such as the system configuration, hardware, and installed software, back to the party who introduced it.  This information is most likely used by hostile actors to plan a tailored attack on the infected systems.

The infection route appears to be spam e-mails carrying a malicious Excel file that exploits a Microsoft vulnerability from 2012 for which a patch has long been available.

Thus far, the majority of Laziok detections have occurred on the systems of Middle Eastern energy companies, as shown in the following Symantec graphic:

Laziok Detection By Country Courtesy of Symantec

Symantec assesses that the hostile actors behind Laziok do not appear to be advanced, based on their reliance on a three-year-old vulnerability.  These attacks show that an attacker does not need state-of-the-art tools to successfully compromise sensitive systems.

Following these three basic rules will protect you from a Laziok malware attack:

  • Apply patches and updates to your software and hardware to ensure you have the most current protection for your systems
  • Always scan attached files for viruses and malware before you open them
  • If you receive a strange e-mail from a bank, shipping company, or any other business and you are not sure if it is legitimate, contact the company to confirm the e-mail’s veracity.  Treat all the information in the suspect e-mail as fake until it is confirmed as accurate.  To confirm the authenticity of a suspect message, Google the company’s corporate home page and use the contact information that is on its official website.  Malicious e-mails often contain fake customer service numbers to make the message appear more authentic.
Post by Remote Process