Cyber Attacks Against Israelis
This post is also available in: 
עברית (Hebrew)
InnoCom warns against repeated cyber attacks , propagated through viral malware embedded in various files. Most of the files ended with the extension .scr, sometimes ending in long, confusing strings of text that include other, familiar extensions such as .doc.
The .scr files are actually compressed files that include other files, among them a word.exe file that contains an XtremeRat worm. The worm is available for sale online and is common in many attacks.
Other files include Word documents, such as:
-
A file that opens with the words “Palestinian victory: the Church of the Nativity a world heritage site.”
-
A file that opens with the words “Advisor: Romney would back Israeli strike on Iran.”
-
The file “IDF NEWS[RTLO]cod, involving a security and defense convention.
The files also include various youtube videos.
The malware appears to connect to servers in the US and Gaza, and its purpose is tracking Israelis. Even so, some reports say that the malware was first discovered in files aimed at Arab users, perhaps because it was first used to track Palestinians.
Yehonatan Gad, InnoCom Chairman and CEO, recommends avoiding .scr files or any compressed files, used by most modern malware; this in addition to avoiding files from unknown sources altogether, protecting systems against malware and viruses, and raising awareness of common modern attack methods.
