
The attack was so precisely addressed that the name and job title of the recipient was included in the subject line of the email, the latest MessageLabs report found.
The strike targeted a variety of people, all working in senior management positions in different industry sectors around the world.
Security analysts believe this attack can be attributed to a previously unknown gang, which carried out extensive research to compile the list of targets.
“Somebody somewhere did their homework,” said Mark Sunner, chief security analyst at MessageLabs. “This attack involved far too much work for one person. I believe an organised criminal gang was behind this, the true geography of which is still unknown.”
The report shows that senior professionals in the banking and finance industry were the most targeted by the cyber criminals. Chief investment officers accounted for more than 30 percent of the targeted attacks, while CEOs and CIOs made up 11 and seven per cent respectively.
Sunner believes the hackers were trying to access merger and acquisition information and other valuable financial data. The spammers used Microsoft Word documents to legitimise the emails, which contained executable code and activated the malware when opened.
The report also reveals that family members of the recipients also received spam messages to compromise the family computer and gain access to confidential details relating to the target.
“This evolving trend of increasingly personalised attacks emphasises the effort and research in which the bad guys are willing to engage to potentially obtain very lucrative information,” warned Sunner.
“With social networking tools, such as Facebook, Linked-In and MySpace, now highly populated with valuable content and sought-after details, it is easier than ever for the bad guys to harvest the personal details needed to personalise their attacks.”