Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Corporate Executives targeted in Focused Security Attacks

The ISC is reporting that executives are being selected and sent email with malicious agents embedded in Word documents.  While AV scanners can detect these, a narrowly targeted attack may be well tested by the senders to ensure it gets past AV software.  Additionally, many companies may not be blocking either ZIP or DOC based attachments.

Corporate executives would always be concerned over any "official looking" email from the IRS, Better Business Bureau, Federal Trade Commission, etc.   The well socially engineered attack is not prevalent in-the-wild, but it is a growing concern.  The main goal could be to gain confidential information or passwords, or potentially even to scam the company.

All untrusted documents or web links must be avoided.  Malware authors can copy true HTML from the website (or email) and create a document that appears genuine in every respect.  Sometimes they can't spell and that's a clue, but lately many items I've seen are very official looking.

PERSONAL EXAMPLE: I recently received, in my bulk mail filters, a Hallmark greeting card invitation that was so authentic that I felt it was truly a congratulatory e-card from a friend.  Having developed web pages for over a decade, I explored the underlying code.  Everything was genuine, except for the main link, which pointed to a numerical IP address.  There was also a malicious POSTCARD.EXE downloader trojan horse as part of the web address.  I closed out of the HTML edit session and browser and deleted this one immediately.

RECOMMENDATION: As a counter-measure, everyone should cross-check email messages from the IRS, government authorities, banks, credit card agencies, stockbrokers, billing entities, software vendors, etc. directly by phone or otherwise.  Never take action on an email message alone and always be very careful to avoid any attachment or web links that might be present in unexpected or suspicious documents.

Corporate Executives targeted in Focused Security Attacks
http://isc.sans.org/diary.html?storyid=2979

QUOTE: This is another word “document” with a malicious embedded object similar to the BBB, IRS, FTC and other targeted trojan “documents”.  A word of caution: Do NOT open strange documents or run untrusted binaries on a machine you don’t wish to format and reinstall the OS on!
