Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

ronjor · Apr 15, 2008

"We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via e-mail ordering their testimony in a case," said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and Internet Storm Center handler, in an online post. "It then asks them to click a link and download the case history and associated information. One problem: It's totally bogus."
Click to expand...

Article

ccsito · Apr 15, 2008

noting that he has seen similar attacks result in bank account losses that range from $100,000 to $1 million in aggregate.
Click to expand...

Wow, these hackers are catching quite a few whoppers.

Dogbiscuit · Apr 17, 2008

"Most of these attacks are exploiting well known vulnerabilities," said Don Leatham, director of solutions and strategy for Lumension Security. "The first step is to eliminate the vulnerabilities by staying patched. There is the challenge of the zero-day threat, but from what we've seen, the majority of these Trojans are spreading through vulnerabilities that can be closed."

Leatham said that about half of the anti-virus software out there didn't recognize the malware in this attack...
Click to expand...

Keeping a system patched may be more important than using a firewall or running with limited rights. Of course, doing all three is better still.

AKAJohnDoe · Apr 17, 2008

Re: CEO subpoena scam fires up anew

I think that is actually quite funny. I don't respond to every email that I get from a known valid source! Suckers!

It reminds me of the grocery store chain that almost got scammed out of $10M on the basis of an email.

mauricev · Apr 18, 2008

Leatham said that about half of the anti-virus software out there didn't recognize the malware in this attack..
Click to expand...

Does anyone know which one it is?

Rmus · Apr 18, 2008

anyone clicking on the malware link in the message would have be hit with a Trojan downloader, which would have phoned home to fetch additional malware.
Click to expand...

Not anyone with White List protection. Unfortunately, blocking executables by White Listing is deemed too restrictive in many corporate environments, as reported to me by several at sans.org when I inquired.

Leatham said that about half of the anti-virus software out there didn't recognize the malware in this attack, a fact that underscores the need for other forms of defense like user education.
Click to expand...

Since one exploit involved downloading a CAB file with an executable, Acrobat.exe, inside, basic user education should include that documents as specified in this attack would not be executable files. However, since it is easy to spoof an executable with a different file extension, even this rule of thumb is not reliable.

The only reliable security against this type of attack is for a company to get serious about securing company computers against such an attack, as the Los Angles Police Department has done,

We currently have a policy that prohibits unauthorized installation of non-Department sanctioned/
owned software on any Department computer.
Click to expand...

----
rich

Log in or Sign up

Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

ronjor Global Moderator

ccsito Registered Member

Dogbiscuit Guest

AKAJohnDoe Registered Member

mauricev Registered Member

Rmus Exploit Analyst

Log in or Sign up

Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

ronjor Global Moderator

ccsito Registered Member

Dogbiscuit Guest

AKAJohnDoe Registered Member

mauricev Registered Member

Rmus Exploit Analyst

Useful Searches