
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


New Attention on Old Exploits

A relatively well-crafted targeted phishing scam (some might call it spear phishing) has attracted significant attention after senior executives at an Information Security company were recently targeted.

Although the scam has been known about for a number of months, the attackers' audacity in targeting an Information Security company is a refreshing change from most phishing efforts. Limiting attacks to senior management is also an interesting move.

The basics of the scam involve sending targeted emails (correct names, company positions and other position-related information) to specific individuals. The emails claim to include a complaint registered at the Better Business Bureau against the firm.

Relying on the target's natural desire to address any complaints against their firm, the attackers use basic social engineering techniques to get their victims to open the infected .rtf file, which contains the downloader that launches the rest of the infection on the target's machine.

Unfortunately for targeted users, there are a lot of antivirus vendors that still cannot detect the malware being distributed and installed by this particular phishing attempt. According to at least one firm, more than 1,400 victims have successfully been targeted by this attack.

With a Bancos variant being the most common installation target, this lack of coverage from the major antivirus vendors is placing many of the targeted victims at risk, especially if they have trusted their antivirus software to protect them against this issue.

31 May 2007
