A Fresh Round of Targeted E-mail Attacks
Another series of sophisticated e-mail attacks were launched over the past 24 hours, addressing recipients by name and warning of complaints filed against them and/or their company with the Justice Department and the Better Business Bureau.
E-mail security firm MessageLabs said it spotted the spike in targeted e-mail attacks designed to look as though they were sent from the Better Business Bureau. The messages address recipients by name and list corresponding employer information both in the body of the e-mail and the subject line. The missives reference an attached "complaint," which is actually a screensaver file that harbors password-stealing software.
Websense, meanwhile, is warning of a very similar attack made to look like an e-mail sent from the Justice Department, claiming that a complaint has been filed against the recipient's company. The attached "complaint" file also is a Trojan horse program wrapped in a screensaver file.
Websense reports that none of the major anti-virus products currently detects the malicious nature of the screensaver files attached to the new round of e-mails.
As we saw with recent, similar targeted attacks that spoofed the BBB and the Federal Trade Commission, this latest round is likely to be very successful. ID thieves and associated online criminals are taking spam and phishing scams to a new level, as they mine public and stolen databases to match e-mail addresses with real names and companies.
Bottom line: You cannot trust the information contained in the "from:" field of an e-mail. Opening unexpected e-mail attachments is an extremely dangerous practice. If you are not sure whether someone you know meant you to view an attachment, create a new e-mail (don't just hit "reply"), type in the sender's e-mail address, and ask that person whether he or she intended to send you an attachment.
The comments to this entry are closed.