Corporate Executives Targeted In Focused Security Attacks



#1 harrywaldron


Posted 16 June 2007 - 10:10 AM

Corporate Executives targeted in Focused Security Attacks

The ISC is reporting that executives are being selected and sent email with malicious agents embedded in WORD documents. While AV scanners can detect these, a narrowly targeted attack may be well tested by the senders to ensure it gets past AV software. Additionally, many companies may not be blocking either ZIP or DOC based attachments.

Corporate executives would always be concerned over any "official looking" email from the IRS, Better Business Bureau, Federal Trade Commission, etc. The well socially engineered attack is not prevalent in-the-wild, but it is a growing concern. The main goal could be to gain confidential information, passwords, or even scam the company potentially.

All untrusted documents or web links must be avoided. Malware authors can copy true HTML from the website (or email) and create a document that appears genuine in every respect. Sometimes they can't spell and that's a clue, but lately many items I've seen are very official looking.

EXAMPLE: I recently received in my bulk mail filters, a Hallmark greeting card invitation that was so authentic, that I felt it was truly a congratulatory e-card from a friend. Having developed web pages for over a decade, I explored the underlying code. Everything was genuine, except for the main link which pointed to a numerical IP address. There was also a malicious POSTCARD.EXE downloader trojan horse as part of the web address. I closed out of the HTML edit session and browser and deleted this one immediately.

RECOMMENDATION: As a counter-measure, everyone should cross-check email messages from the IRS, government authorities, banks, credit card agencies, stockbrokers, billing entities, software vendors, etc. directly by phone or otherwise. Never take action on an email message alone and always be very careful to avoid any attachment or web links that might be present in unexpected or suspicious documents.

Corporate Executives targeted in Focused Security Attacks
http://isc.sans.org/diary.html?storyid=2979

This is another word “document” with a malicious embedded object similar to the BBB, IRS, FTC and other targeted trojan “documents”. A word of caution: Do NOT open strange documents or run untrusted binaries on a machine you don’t wish to format and reinstall the OS on!
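
The manual check described in the greeting-card example above (reading the underlying HTML to see where a link really points) can be automated. The following is an added example, not part of the original post: the function and class names, the extension list and the sample message body are all constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Extensions treated as directly executable on Windows (assumed list, not from the post).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def audit_links(html_body):
    """Return (href, reasons) for every link that deserves a closer look."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        try:
            parts = urlsplit(href)
            host = parts.hostname or ""
        except ValueError:
            findings.append((href, ["URL could not be parsed"]))
            continue
        reasons = []
        try:
            ipaddress.ip_address(host)  # raises ValueError for ordinary host names
            reasons.append("host is a numeric IP address")
        except ValueError:
            pass
        if parts.path.lower().endswith(EXECUTABLE_EXTS):
            reasons.append("path ends in an executable extension")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body; 192.0.2.10 is a documentation-only address (RFC 5737).
SAMPLE = """
<p>You have received a greeting card!</p>
<a href="http://www.example.com/help">Help</a>
<a href="http://192.0.2.10/cards/POSTCARD.EXE">View your card</a>
"""
```

Calling `audit_links(SAMPLE)` flags only the second link, for both reasons; a link that passes these two checks is not thereby trustworthy, so the recommendation to verify by phone still applies.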


