Samker's Computer Forum - SCforum.info

Title: Malware report reveals targeted attacks on energy sector execs
Post by: Amker on 09. July 2007., 18:26:43
MessageLabs, a company that provides messaging security for ISPs and businesses, has released its latest report on the state of malware. It has revealed an interesting new phenomenon: malware targeted at executives in different companies, but all working in the same sector.
Beginning on June 26, MessageLabs intercepted over 500 targeted attacks that consisted of an e-mail with a Microsoft Word file attached. The Word file contained embedded executable code that when opened would activate a trojan horse program. The typical e-mail looked like this:

To: [Victim name] - - [Job Title]

The Proforma Invoice is attached to this message. You can find the file in the attachments area of your email software.

PS: The invoice also includes the cost for the services provided for the second quarter of 2007. Please read, evaluate and reply with any comments. Thanks.

[postal address removed]

E-mails were sent to various corporate executives at a variety of companies, and some e-mails were actually directed towards the spouse or close relation of specific executives. Most of the attacks were sent to executives working in the energy sector. The goal behind the attacks was to take control of both work and home computers belonging to high-level employees at these companies in order to gain access to confidential e-mails and sensitive corporate information.

Targeted attacks are not a new idea, but this latest batch shows that these sorts of attacks are on the rise and getting more complex. One also wonders why the energy sector has been targeted. Is this some attempt at so-called cyberterrorism?

Another new trick that some spammers are starting to use is to send messages to hotels and catering organizations with seemingly-legitimate group reservations, sending a fraudulent payment, then attempting to claim a refund before the bank disallows the original transaction. Clearly in this case the motive is financial.

Image spam gets more professional

In addition to the new targeted e-mail attacks, MessageLabs has noticed a change in the "hot stock tip" scams that are typically sent out as one large embedded image in order to bypass text-based spam filters. The first batch of these tips were somewhat amateurish, with frequent misspellings and overly hyperbolic word choices. The spammers have addressed these issues with a new batch of e-mails that are sent with attachments in PDF format, mimicking the look of a genuine newsletter to promote a particular penny stock. The PDF contains a large embedded image, unlike typical PDFs that can be searched for text strings. Because of this, each PDF is unique, which makes it difficult for automated content analysis programs to identify the files as spam.

The stock tip scams are pushed aggressively, with tens of thousands of e-mails directed to individual domains within a time period as short as one hour. The idea behind these "spam spikes" is to push as many e-mails through before antispam systems can react and block the messages.
Ars Technica
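
An added example, not part of the original post or the MessageLabs report: a sliding-window counter that flags a "spam spike" of PDF-bearing mail to a single recipient domain and reports how much of the burst arrived before and after the alert. The event tuple layout, the threshold of 200 and the sample domains are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # the article's "as short as one hour"
THRESHOLD = 200              # assumed alert level; set from a domain's normal volume


def detect_spikes(events, window=WINDOW, threshold=THRESHOLD):
    """events: (timestamp, recipient, has_pdf) tuples in time order.

    Returns {domain: {"alert_at", "before", "after"}}: when the sliding-window
    count first reached the threshold, and how many PDF messages arrived up to
    that point versus afterwards (the part a fast reaction can still hold)."""
    recent = defaultdict(deque)  # domain -> timestamps inside the window
    alerts = {}
    for ts, rcpt, has_pdf in events:
        if not has_pdf:
            continue
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in alerts:
            alerts[domain]["after"] += 1
            continue
        q = recent[domain]
        q.append(ts)
        while ts - q[0] > window:  # drop entries older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[domain] = {"alert_at": ts, "before": len(q), "after": 0}
    return alerts


def constructed_sample():
    """Constructed data: a 1000-message burst plus slow background traffic."""
    t0 = datetime(2007, 7, 9, 9, 0, 0)
    burst = [(t0 + timedelta(seconds=3 * i), f"user{i % 40}@corp.example", True)
             for i in range(1000)]
    background = [(t0 + timedelta(minutes=20 * i), f"staff{i}@quiet.example", True)
                  for i in range(30)]
    plain = [(t0 + timedelta(seconds=i), "info@quiet.example", False)
             for i in range(500)]
    return sorted(burst + background + plain, key=lambda e: e[0])


if __name__ == "__main__":
    for domain, a in detect_spikes(constructed_sample()).items():
        print(domain, a["alert_at"].isoformat(), a["before"], a["after"])
```

The "before" figure is the cost of the reaction delay: lowering the threshold or shortening the window trades false alerts on busy domains for fewer messages delivered ahead of the block.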