Support our Sponsors


Uclip Clipping Path Service

UAE Lists Jobs in Dubai


Main Menu

Home
News
Blog
Links
Search

Resources

Windows Software
Mac Software
Hosted Solutions
Server Software
Mobile Solutions

Related Items

powered_by.png, 1 kB

Popular


Home arrow News arrow Latest arrow Phishing Attack Summoning US CEOs to Court Gains Computer Access
Phishing Attack Summoning US CEOs to Court Gains Computer Access PDF Print E-mail
Written by Spam News Admin   
Sunday, 20 April 2008

According to security researchers at SANS Internet Storm Center, thousands of CEOs (chief executive officers), on April 15, 2008, in the US became targets of a new phishing scam that distributed e-mails summoning recipients to provide testimony in national court.


According to security researchers at SANS Internet Storm Center, thousands of CEOs (chief executive officers), on April 15, 2008, in the US became targets of a new phishing scam that distributed e-mails summoning recipients to provide testimony in national court.

Victims in the attack are directed to a fake site where they are asked to load a browser plug-in program to be able to see the court documents. But, in reality that software allows criminals to access the user's computer.

Thus, the attachment supposedly containing the order is truly a data-stealing Trojan, said John Bambenek, who serves as a handler to the Institute's Internet Storm Center and is also a researcher of information security at the University of Illinois in Champaign, as reported by SCmagazine on April 14, 2008.

The executable that maliciously creates a BHO (browser-helper object) and also a concealed window in Internet Explorer facilitates interaction with a Singapore-based command-and-control center. It also installs malware like a keystroke-logging program. The BHO even steals the recipient's digital certificates from his computer.

Bambenek said that since the dealing is with company CEOs, the e-mails could authoritatively be notifications or e-mails from them having the officer's digital signature.

The scammers in this digital assault have been identified as the same people who were behind the phony e-mails purportedly from the BBB (Better Business Bureau). However, the e-mail senders have been lax in this latest run. Indications that the message is fraudulent evident from the unconvincing headers, fake numbers for different cases, and errors in spelling and grammar.

Sam Masiello, Director of Threat Management, MX Logic said that the e-mails come added with tactics of social engineering such as use of the full name of the recipient, organization's name and office phone number all of which demarcates them from the usual junk e-mails, as reported by SCmagazine on April 14, 2008.

The method used in the current attack, which targets C-level executives, is called "Whaling." The name implies that the hook is attempted on the biggest fish; individuals who are more affluent with chances of losing more than the ordinary people would both professionally and personally.


Posted originally: 04/19/2008

Read Full Article



Reddit!Del.icio.us!Facebook!Slashdot!Netscape!Technorati!StumbleUpon!Newsvine!Furl!Yahoo!Ma.gnolia!Free social bookmarking plugins and extensions for Joomla! websites!
Last Updated ( Sunday, 20 April 2008 )
 
< Prev   Next >
[ Back ]

Newsflash

Spam is a growing pain. How are you combating spam?

Submit your favorite spam fighting links to us

 

 

 
 
© 2008 spam NEWS - updated Daily
Joomla! is Free Software released under the GNU/GPL License.