Friday December 5, 2008 6:25 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Excellent info. If you use Gumtree Australia you will see many obvious scam posts in all ..."
on Scammers target online car buyers, warns ACCC
by Marian Imrie | Dec 5, 2008 4:45 PM
 
"Very nice and useful information. UT4B4. Tape4backup.com"
on Weighing the options for securing back-up data
by Lto-4 Tape | Dec 4, 2008 9:23 PM
 
"Interesting that you do not bother to list the one AV that has consistently passed the VB100. ..."
on Latest VB100 malware test brings good news
by Ben | Dec 4, 2008 6:00 PM
 
"I like this"
on AVG update deletes critical Windows file
by nanwin | Dec 3, 2008 3:05 PM
 
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
Email Security

CEOs targeted by subpoena spam

  • Email a Friend
  • Print Page
Related Articles
By Dan Kaplan
Apr 16, 2008 10:33 AM
Tags: CEOs | targeted | by | subpoena | spam
Instead, the executable file said to contain the subpoena actually is an information-stealing trojan, John Bambenek, a handler at the SANS Internet Storm Center and an information security researcher at the University of Illinois in Champaign, told SCMagazineUS.com.

"The idea was a very good one," he said. "People see a subpoena and they're like, 'Oh my,' especially a CEO."

The malicious executable creates a browser-helper object (BHO) and opens a hidden window in Internet Explorer, which communicates with a command and control center in Singapore and can install malware, such as a keylogger, Bambenek said. The BHO also steals digital certificates installed on the recipient's computer.

"Since you're talking about CEOs of companies, that could potentially be big," he said. "People can authoritatively send out emails or notifications as a CEO of a company and digitally sign them."

The scammers behind this digital assault were the same individuals responsible for fake emails purporting to be from the Better Business Bureau, Bambenek said. However, the senders were sloppy in their latest run.

"If you paid attention, there were lots of clues that this wasn't kosher," he said. "The biggest one is that you're not going to get served over email. The court would simply not take it seriously. You have to be served the old-fashioned way."

Other giveaways that the email is a hoax include invalid headers, bogus case numbers and grammatical and spelling errors, he said.

The emails, though, come packed with social engineering tactics, including the recipient's full name, company name and work phone number, which distinguish them from run-of-the-mill junk mail, said Sam Masiello, director of threat management at MX Logic.

"By targeting C-level executives, the technique used in this type of attack is called 'whaling,'" he said. "It is called whaling because they are trying to get the largest fish that they can on the hook, people who are generally more affluent and stand more to lose, both personally and professionally."

See original article on scmagazineus.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Messaging Whitepapers
 
Popular Tags
campaign captcha closed email facebook identity isp leads levels major malware network recession record spam spammers srizbi trends warning yahoomicrosoft