Norman warns CEOs over targeted email attacks

Norman, the data security firm, has issued a warning over a targeted email attack aimed at CEOs. The email takes the form of a false subpoena and asks the recipient to install a plug-in that is actually a trojan able to take over the victim’s computer.

The sequence of events is as follows:

1. The CEO receives an email that looks like a subpoena addressed to them from the US District Courts, stating that they have been sued and need to view the court documents by clicking on a web link.

2. The email looks very realistic and, in contrast to some other phishing attempts, its grammar is good. It also contains the correct name of the company and of the CEO, and might even contain the correct phone number. This misleads recipients into following the instructions in the email. On clicking the link, which appears to point to the American courts but in fact leads to Jinan, China, users are asked to install a plug-in to access the documents.

3. By doing this the victims are in fact installing a trojan that gives criminals access to data located on the computer. Such data could include sensitive business or development data, passwords, strategy documents, payment information and so forth. The trojan is installed in the form of a digitally signed CAB archive, which extracts a file called acrobat.exe. This file in turn installs acrobat.dll, which gives the trojan access to all data that passes through the web browser and Windows Explorer.

Current reports show that an increasing number of CEOs have been targeted using this ‘spear phishing’ attack technique, and that the apparent legitimacy of the document has meant that a number of executives have been tricked into installing the trojan.

Trygve Aasland, CEO of Norman ASA, was one of the recipients.

"This email appears legitimate and the technique is clever in that most people will want to discover the details of why and by whom they are being sued. Fortunately, I am very much aware of these attacks and so we remained unaffected, but I can see how others may have been tricked into opening the link and installing the so-called plug-in," said Trygve Aasland, CEO, Norman ASA.

www.norman.com

Date: 22nd April 2008 • Region: US • Type: Article • Topic: Warnings





Copyright 2008 Portal Publishing Ltd