  #1  
Old 04-21-2008, 08:21 PM
brian5
Spear Phishing scam

Well, I knew what "phishing" is but I've just learnt what "spear phishing" is...

"'Spear phishing' is an increasing cyber crime related to corporate espionage. It is a highly targeted phishing attack where a company executive receives an email from an 'authorized partner' regarding a project, which is not widely known outside the company. The purpose of such an email is to encourage opening a file, launching a Trojan, which would provide somebody with access to the whole network."

The reason that I've brought this up is that an article in the NY Times on Apr 16, 2008 says that "thousands of high-ranking executives across the country" have received these spear phishing e-mails this week.

The text of the article is:
An e-mail scam aimed squarely at the nation’s top executives is raising new alarms about the ease with which people and companies can be deceived by online criminals.
Thousands of high-ranking executives across the country have been receiving e-mail messages this week that appear to be official subpoenas from the United States District Court in San Diego. Each message includes the executive’s name, company and phone number, and commands the recipient to appear before a grand jury in a civil case.
A link embedded in the message purports to offer a copy of the entire subpoena. But a recipient who tries to view the document unwittingly downloads and installs software that secretly records keystrokes and sends the data to a remote computer over the Internet. This lets the criminals capture passwords and other personal or corporate information.
Another piece of the software allows the computer to be controlled remotely. According to researchers who have analyzed the downloaded file, less than 40 percent of commercial antivirus programs were able to recognize and intercept the attack.
The tactic of aiming at the rich and powerful with an online scam is referred to by computer security experts as whaling. The term is a play on phishing, an approach that usually involves tricking e-mail users — in this case the big fish — into divulging personal information like credit card numbers. Phishing attacks that are directed at a particular person, rather than blasted out to millions, are also known as spear phishing.
The latest campaign has been widespread enough that two California federal courts and the administrative office of the United States Courts posted warnings about the fake messages on their Web sites. Federal officials said they stopped counting after getting hundreds of phone calls from corporations about the messages. At midday on Tuesday, one antispam company, MX Logic, said in a Web posting that its service was still seeing at least 30 of the messages an hour.
Security researchers at several firms indicated they believed there had been at least several thousand victims of the attack whose computers had been compromised.
“We have seen about 2,000 victims, more or less,” said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and a volunteer at the Internet Storm Center, a network security organization.
Researchers were studying a list of the Internet addresses of infected computers that iDefense Labs, a research unit of VeriSign, had assembled by monitoring network traffic.
Personalized scam messages have been on the radar of security researchers and law enforcement officials for several years, but the latest variant is a fresh indication of the threat posed by such digital ruses.
“I think that it was well done in terms of something people would feel compelled to respond to,” said Steve Kirsch, the chief executive of Abaca, an antispam company based in San Jose, Calif.
Mr. Kirsch himself received a copy of the message and forwarded it to the company lawyer. “It had my name, phone number, company and correct e-mail address on it and looked pretty legitimate,” Mr. Kirsch said. “Even the U.R.L. to find out more looked legitimate at first glance.”
When the lawyer tried to download a copy of the subpoena and the computer restarted itself, they quickly realized that the file contained malicious software.
Several computer security researchers said that the attack was the work of a group that tried a similar assault in November 2007. In that case, the e-mail message appeared to come from the Justice Department and stated that a complaint had been filed against the recipient’s company.
The software used in the latest attack tries to communicate with a computer in Singapore. That system was still functioning on Tuesday evening, but security researchers said many Internet service providers had blocked access to it.
A number of clues, like misspellings, in the fake subpoena led several researchers to believe that the attackers were not familiar with the United States court system and that the group might be based in a place that used a British variant of English, such as Hong Kong.
“This is probably Chinese-based,” said Mr. Bambenek. “If all the key players are in China there is not much the F.B.I. can do.”
Several security researchers said that the real danger of the attack lay in a second level of deception, after the hidden software provided the attackers with digital credentials like passwords and electronic certificates.
“There are very subtle nuances to their attacks that are well known in the financial industry but are not well publicized,” said Matt Richard, director of the Rapid Response Team at iDefense.
Mr. Richard said the criminals were going after a particular area of the financial industry, but he would not elaborate. He said that law enforcement officials were investigating the fraudulent documents.
Calls to the Federal Bureau of Investigation for comment were not returned.
Although the software package used to deliver the eavesdropping program is well known, it was hidden in such a way that it avoided detection by commercial programs in many cases, researchers said.
“This is pretty well-known code,” said Don Jackson, a researcher at SecureWorks, a computer security firm. “The issue has to do with repacking it.”
Recipients of the e-mail messages are directed to a fraudulent Web site with a copy of the graphics from the real federal court site. They are then asked to download and install what is said to be a piece of software from Adobe that is used to view electronic documents.
“There are several layers of social engineering involved here,” said Mike Haro, a spokesman for Sophos, a company that sells software to protect against malicious software and spam.


  #2  
Old 04-21-2008, 09:44 PM
motordavid
A several week old story...but serious stuff.
Aka "whaling", as they pick off some big info,
potentially.
BR,mD
  #3  
Old 04-21-2008, 10:03 PM
brian5
motordavid,

You're right, the correct term for this appears to be whaling. I should have noted that I learned both those terms this week.

I wasn't implying that this was happening today. It's been happening over the last week or so.

What I found interesting is that they are saying that there are "... at least several thousand victims...". I feel that:
1. This shouldn't have made it through companies' firewalls (and it didn't get through ours as far as our security IT team is concerned)
2. Our "nation's top executives" should know better than to click on unknown attachments...


  #4  
Old 04-21-2008, 11:16 PM
motordavid
Brian,
I wasn't arm wrestling...my apology if my comment was terse.
I agree with you on both points, but having been an exec.,
(not top and not a big co., lol!), back in the beginnings of
email, I took pride in reading and answering every email and
voice mail I got.

Then, scams were slim and infrequent; today, you are correct:
they should freakin know better, esp. if it's some "subpoena"
which every knucklehead CEO should know it's gotta go to
Legal first, lol!

I suspect the Crackberry herd is sucked in, maybe by the smallish
screen, instant communication desire, appearing to support the
customer instant gratification thing, etc.
BR,mD