New Attacks Target Top Executives
Written by Daniel   
Wednesday, 19 September 2007 09:11

Trojan-style attack designed to fool CXOs into downloading data-sucking malware, researcher says

SEPTEMBER 18, 2007 | 5:10 PM
By Tim Wilson
Site Editor, Dark Reading

In a new round of targeted attacks, phishers are sending messages directly to selected top executives and luring them to download the malware inside.

Researchers at security company MessageLabs today said they intercepted some 1,100 messages targeted toward high-ranking executives at a variety of companies during a 16-hour period between Sept. 12 and Sept. 13. The attack bears many similarities to the targeted attacks on CXOs reported by MessageLabs less than three months ago.

"This attack was larger and more sophisticated than the one in June, but there are enough coincidences between the two that it's reasonable to conclude that they are linked," says Paul Wood, senior analyst at MessageLabs. "And I would expect that we'll see a similar type of attack within a matter of months, and that it might be larger still."

The attack, which occurred as a series of four email blasts from three legitimate email servers, sent messages to top-ranking executives in a wide variety of roles and a wide variety of companies, both large and small. There doesn't immediately appear to be any common thread among the targets, "although it's possible that they might have some business partners in common," Wood says.

In each case, the executive receives an email from what appears to be a legitimate employment services company, with a subject line that says something like, "Agreement update for XYZ Co.," using the legitimate name of the executive's firm.

There is no text in the message, but there is a rich-text format (RTF) document embedded in it. When the executive clicks on the document, it routes him to a URL, where he picks up another executable file warning that Microsoft Word is having a problem and needs to close, Wood explains.

When the executive clicks on the Microsoft message, he activates a nasty bit of malware that sucks data off the machine and sends it to the "mother ship" for storage in an SQL format, Wood says.
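
A mail-gateway heuristic for the three lure traits described above (the recipient's company name in the subject, no body text, an RTF document), as an added example that is not from the article or from MessageLabs. The function names, the sample addresses and the rule of flagging only when all three traits coincide are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

RTF_TYPES = {"application/rtf", "text/rtf"}
LURE = {"org_name_in_subject", "rtf_document", "empty_body"}

def lure_indicators(raw_bytes, org_names):
    """Return which of the article's three lure traits one message shows."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    found = set()
    subject = (msg["Subject"] or "").lower()
    if any(name.lower() in subject for name in org_names):
        found.add("org_name_in_subject")
    body_text = ""
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        # RTF is recognised by declared type, file name, or magic bytes.
        if (ctype in RTF_TYPES or name.endswith(".rtf")
                or payload.lstrip().startswith(b"{\\rtf")):
            found.add("rtf_document")
        # Only text/plain counts as body text; HTML would need tag stripping.
        elif ctype == "text/plain" and not part.is_attachment():
            charset = part.get_content_charset() or "utf-8"
            body_text += payload.decode(charset, "replace")
    if not body_text.strip():
        found.add("empty_body")
    return found

def is_suspect(raw_bytes, org_names):
    # Assumption: quarantine only when all three traits coincide.
    return lure_indicators(raw_bytes, org_names) == LURE

def build_sample(subject, body, rtf=True):
    """Constructed test message; addresses and file name are made up."""
    m = EmailMessage()
    m["From"] = "notices@staffing.example"
    m["To"] = "cfo@xyzco.example"
    m["Subject"] = subject
    m.set_content(body)
    if rtf:
        m.add_attachment(b"{\\rtf1\\ansi constructed sample}",
                         maintype="application", subtype="rtf",
                         filename="agreement.rtf")
    return m.as_bytes()
```
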