Oil Companies Reveal Sophisticated Web Attacks on Their Data

Senior executives at the three of the world's largest oil and natural gas companies were targeted by a highly sophisticated and aggressive malware campaign in 2008 that was designed to steal key proprietary data—including multi-million-dollar research to locate the next great oil discovery—according to a report this week on the Christian Science Monitor Web site.

Photo: Oil Companies Reveal Sophisticated Web Attacks on Their Data

ExxonMobil, ConocoPhillips and Marathon Oil  executives who were unwittingly duped by unsolicited e-mails caring the data-extracting malware were finally notified of the scam in early 2009, according to unnamed law enforcement and IT security experts quoted in the article. Security experts familiar with the attacks said this new form of corporate and, quite possibly, nation-sponsored espionage utilized custom spyware that is virtually undetectable by antivirus software applications used by the vast majority of large companies around the globe.

Targeting senior executives in a company is not new, but the level of sophistication of these attacks take the concept to a whole new level.

This particular wave of attacks focused on proprietary data, including "bid data"—the files containing details on the quantity, value and location of oil discoveries around the word. Officials close to the investigation said some of the attacks appeared to originate in China and that servers located in the Communist nation were used to store some of the stolen data.

InternetNews com.  has contributed to the report.