Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

Discussion in 'privacy general' started by ronjor, Apr 15, 2008.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
    Article
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Wow, these hackers are catching quite a few whoppers. :eek:
     
  3. Dogbiscuit

    Dogbiscuit Guest

    Keeping a system patched may be more important than using a firewall or running with limited rights. Of course, doing all three is better still.
     
    Last edited by a moderator: Apr 17, 2008
  4. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
  5. mauricev

    mauricev Registered Member

    Joined:
    Apr 15, 2008
    Posts:
    43
    Does anyone know which one it is?
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Not anyone with White List protection. Unfortunately, blocking executables by White Listing is deemed too restrictive in many corporate environments, as reported to me by several at sans.org when I inquired.

    Since one exploit involved downloading a CAB file with an executable, Acrobat.exe, inside, basic user education should include that documents as specified in this attack would not be executable files. However, since it is easy to spoof an executable with a different file extension, even this rule of thumb is not reliable.

    The only reliable security against this type of attack is for a company to get serious about securing company computers against such an attack, as the Los Angles Police Department has done,

    ----
    rich
     
Loading...
Thread Status:
Not open for further replies.