Wilders Security Forums  

#1
April 15th, 2008, 04:42 PM
ronjor
Global Moderator
Join Date: Jul 2003
Location: Texas
Posts: 46,364
Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

Quote:
"We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via e-mail ordering their testimony in a case," said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and Internet Storm Center handler, in an online post. "It then asks them to click a link and download the case history and associated information. One problem: It's totally bogus."
Article
#2
April 15th, 2008, 07:37 PM
ccsito
Very Frequent Poster
Join Date: Jul 2006
Location: Nation's Capital
Posts: 1,579
Re: Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

Quote:
noting that he has seen similar attacks result in bank account losses that range from $100,000 to $1 million in aggregate.

Wow, these hackers are catching quite a few whoppers.
#3
April 17th, 2008, 01:41 PM
Dogbiscuit
Frequent Poster
Join Date: Jul 2007
Posts: 647
Re: Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

Quote:
"Most of these attacks are exploiting well known vulnerabilities," said Don Leatham, director of solutions and strategy for Lumension Security. "The first step is to eliminate the vulnerabilities by staying patched. There is the challenge of the zero-day threat, but from what we've seen, the majority of these Trojans are spreading through vulnerabilities that can be closed."

Leatham said that about half of the anti-virus software out there didn't recognize the malware in this attack...

Keeping a system patched may be more important than using a firewall or running with limited rights. Of course, doing all three is better still.

Last edited by Dogbiscuit : April 17th, 2008 at 04:12 PM.
#4
April 17th, 2008, 03:25 PM
AKAJohnDoe
Frequent Poster
Join Date: Sep 2007
Location: 127.0.0.1
Posts: 989
Re: CEO subpoena scam fires up anew

I think that is actually quite funny. I don't respond to every email that I get from a known valid source! Suckers!

It reminds me of the grocery store chain that almost got scammed out of $10M on the basis of an email.
__________________
www.AKAJohnDoe.com

"Without deviation from the norm, progress is not possible" - Frank Zappa
#5
April 18th, 2008, 12:23 AM
mauricev
Infrequent Poster
Join Date: Apr 2008
Posts: 43
Re: Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

Quote:
Leatham said that about half of the anti-virus software out there didn't recognize the malware in this attack..

Does anyone know which one it is?
#6
April 18th, 2008, 01:43 AM
Rmus
Exploit Analyst
Join Date: Mar 2005
Posts: 3,632
Re: Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

Quote:
anyone clicking on the malware link in the message would have been hit with a Trojan downloader, which would have phoned home to fetch additional malware.
Not anyone with White List protection. Unfortunately, blocking executables by White Listing is deemed too restrictive in many corporate environments, as reported to me by several at sans.org when I inquired.

Quote:
Leatham said that about half of the anti-virus software out there didn't recognize the malware in this attack, a fact that underscores the need for other forms of defense like user education.
Since one exploit involved downloading a CAB file with an executable, Acrobat.exe, inside, basic user education should include that documents as specified in this attack would not be executable files. However, since it is easy to spoof an executable with a different file extension, even this rule of thumb is not reliable.

The only reliable security against this type of attack is for a company to get serious about securing company computers against such an attack, as the Los Angeles Police Department has done:

Quote:
We currently have a policy that prohibits unauthorized installation of non-Department sanctioned/owned software on any Department computer.


----
rich
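
A content-based check for the extension-spoofing problem raised in the post above, as an added example that is not part of the original thread: it identifies Windows executables and cabinet archives by their header bytes rather than by file name, and lists the member names stored in a cabinet. The function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import struct

EXEC_EXTS = {"exe", "scr", "com", "pif", "dll"}  # assumed policy list

def ext_of(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def sniff(data):
    """Identify content from its header bytes, ignoring the file name."""
    if data[:4] == b"MSCF":                      # cabinet signature
        return "cab"
    if data[:2] == b"MZ" and len(data) >= 0x40:  # DOS stub, then PE header
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    return "other"

def cab_members(data):
    """Member names from the CFFILE table; names are stored uncompressed."""
    if len(data) < 36:
        return []
    (coff_files,) = struct.unpack_from("<I", data, 16)  # offset of first CFFILE
    (c_files,) = struct.unpack_from("<H", data, 28)     # number of CFFILE entries
    names, pos = [], coff_files
    for _ in range(c_files):
        pos += 16                                # fixed fields before szName
        end = data.find(b"\x00", pos)
        if end < 0:
            break                                # truncated table
        names.append(data[pos:end].decode("latin-1"))
        pos = end + 1
    return names

def verdict(name, data):
    kind = sniff(data)
    if kind == "pe" and ext_of(name) not in EXEC_EXTS:
        return "block: executable content named ." + ext_of(name)
    if kind == "cab":
        bad = [m for m in cab_members(data) if ext_of(m) in EXEC_EXTS]
        if bad:
            return "block: cabinet carries " + ", ".join(bad)
    return "allow"

# Constructed samples: header bytes only, not working files.
SAMPLE_PE = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLE_CAB = (struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, 64, 0, 36, 0, 3, 1, 0, 1, 0, 0, 0)
              + struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 0) + b"Acrobat.exe\x00")
```

Member names inside a cabinet can be renamed as easily as any other file name, and member data is compressed, so a complete check would extract each member and run the same header test on it.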
 
