Instead, the executable file said to contain the subpoena actually is an information-stealing trojan, John Bambenek, a handler at the SANS Internet Storm Center and an information security researcher at the University of Illinois in Champaign, told SCMagazineUS.com.
"The idea was a very good one," he said. "People see a subpoena and they're like, 'Oh my,' especially a CEO."
The malicious executable creates a browser-helper object (BHO) and opens a hidden window in Internet Explorer, which communicates with a command and control center in Singapore and can install malware, such as a keylogger, Bambenek said. The BHO also steals digital certificates installed on the recipient's computer.
"Since you're talking about CEOs of companies, that could potentially be big," he said. "People can authoritatively send out emails or notifications as a CEO of a company and digitally sign them."
The scammers behind this digital assault were the same individuals responsible for fake emails purporting to be from the Better Business Bureau, Bambenek said. However, the senders were sloppy in their latest run.
"If you paid attention, there were lots of clues that this wasn't kosher," he said. "The biggest one is that you're not going to get served over email. The court would simply not take it seriously. You have to be served the old-fashioned way."
Other giveaways that the email is a hoax include invalid headers, bogus case numbers and grammatical and spelling errors, he said.
The emails, though, come packed with social engineering tactics, including the recipient's full name, company name and work phone number, which distinguish them from run-of-the-mill junk mail, said Sam Masiello, director of threat management at MX Logic.
"By targeting C-level executives, the technique used in this type of attack is called 'whaling,'" he said. "It is called whaling because they are trying to get the largest fish that they can on the hook, people who are generally more affluent and stand more to lose, both personally and professionally."
See original article on scmagazineus.com
CEOs targeted by subpoena spam
By Dan Kaplan on Apr 16, 2008 10:33AM