November 20, 2007 11:15 AM PST
Targeted e-mail attacks spoof DOJ, business group
- Related Stories
Report: Targeted e-mail attacks increasingApril 18, 2007
The future of malware: Trojan horsesOctober 13, 2006
- Related Blogs
Targeted attacks on the rise, Microsoft report says
October 23, 2007
The first attack, detected by MessageLabs at 4:55 p.m. GMT Monday, was sent to more than 400 individuals at financial institutions, with the e-mail addressed specifically to that individual and purporting to be a complaint from the U.S. Department of Justice. A second attack, spotted three and a half hours later, was similar, but claimed to be from the Better Business Bureau. In both cases, the e-mails contained malicious attachments that could lead to the recipient's system being taken over.
The Trojan horse that gets installed on a computer allows an attacker to have remote access to the machine, but MessageLabs security analyst Paul Wood said the attacker's exact purpose was not clear. "Once they get access to the machine remotely, they can use that machine for anything," Wood said.
Although it is likely the two attacks are related, Wood said, their attachments and delivery mechanisms varied somewhat. The attack spoofing the Justice Department contained an executable program within a zipped file with the extension .scr, typically used by screen savers. In the attack spoofing the Better Business Bureau, the attachment was a Rich Text Format document that contained an executable program disguised as a PDF file.
The rise in specifically targeted e-mail attacks has been of significant concern to security experts. Such attacks are both harder to detect than mass phishing attacks, and more likely to be acted on given the fact they are customized to their recipients, including things such as their name and official title.
In its annual "Security Intelligence Report," issued last month, Microsoft reported a steep rise in such attacks. Wood said that his company started seeing attacks aimed at specific individuals back in 2005, but at the time it saw maybe two such attacks a week. By last year, it was seeing one per day; this year, that number has risen to an average of 10 per day.
One of the big reasons behind the increase is the availability of toolkits that enable criminals to essentially have a template for the attacks, wherein they need to fill in only the targeted information.
"A year or two ago you would have to be fairly technically sophisticated in order to create these attacks," Wood said.
Wood added that the rise of social networks like Facebook and professional networks such as Plaxo and LinkedIn are making it easier for attackers to do their homework on potential victims.
"You can certainly build up a profile and make those attacks much more convincing," Wood said.
This week's attacks are similar to ones that took place in June and September. In the September attack, more than 1,000 senior executives were sent messages with an apparent Word attachment that contained an embedded executable file. The June attack, which also targeted senior executives, purported to be an invoice.
The latest attack spoofing the Better Business Bureau is still ongoing, said MessageLabs. The Better Business Bureau has also been spoofed before in a number of phishing attacks.
7 commentsJoin the conversation! Add your comment