Arbor Networks looks at some recent spear-phishing campaigns, finds some common threads, and reveals the tactics and technologies the attackers are using.
n the Central Tibetan Administration's Website on Dec. 31. According to Arbor Networks, the spear-phishing campaign started the same day the content was loaded on the Tibetan Website.

Wilson noted that the term "Four-Element Sword Builder" is a bit of conjecture based on analysis. By way of Arbor's analysis of multiple malware samples, researchers were able to find enough code similarity to infer that a single tool was used.

"I found enough code that had similar characteristics, using the four exploits or a combination of them, so there was enough similarity to imply there is a builder infrastructure behind it," Wilson said.

Multiple open-source tools are freely available that attackers or security researchers can use to build phishing and malware campaigns. However, as far as Wilson could tell, there was no known overlap between the Four-Element Sword Builder and any tools of which he was aware.

"[Four-Element Sword Builder] looks like something unique and distinct to me," Wilson said.
- eWeek