Facebook enabling tailored email attacks
Published: 21 Nov 2007 12:24 GMT
Security experts warned this week of two separate email attacks launched on Monday that take aim at specific individuals within corporations.
The first attack, detected by MessageLabs at 4.55pm on Monday, was sent to more than 400 individuals at financial institutions, with the email addressed specifically to that individual and purporting to be a complaint from the US Department of Justice. A second attack, spotted three and a half hours later, was similar, but claimed to be from the Better Business Bureau. In both cases, the emails contained malicious attachments that could lead to the recipient's system being taken over.
The Trojan horse that gets installed on a computer allows an attacker to gain remote access to the machine, but MessageLabs security analyst Paul Wood said the attacker's exact purpose was not clear. "Once they get access to the machine remotely, they can use that machine for anything," Wood said.
Although it is likely the two attacks are related, Wood said, their attachments and delivery mechanisms varied somewhat. The attack spoofing the Justice Department contained an executable program within a zipped file with the extension .scr, typically used by screen savers. In the attack claiming to be from the Better Business Bureau, the attachment was a rich text format document that contained an executable program disguised as a PDF file.
The rise in specifically targeted email attacks has been of significant concern to security experts. Such attacks are both harder to detect than mass phishing attacks, and more likely to be acted on, given the fact they are customised to their recipients, including details such as their name and official title.
In its annual Security Intelligence Report, issued last month, Microsoft reported a steep rise in such attacks. Wood said that his company started seeing attacks aimed at specific individuals back in 2005, but, at the time, it saw maybe two such attacks a week. By last year, it was seeing one per day; this year, that number has risen to an average of 10 per day.
One of the big reasons behind the increase is the availability of toolkits that enable criminals to essentially have a template for the attacks, in which they need to fill in only the targeted information.
"A year or two ago you would have to be fairly technically sophisticated in order to create these attacks," Wood said.
Wood added that the rise of social networks, like Facebook, and professional networks, such as Plaxo and LinkedIn, is making it easier for attackers to do their homework on potential victims.
"You can certainly build up a profile and make those attacks much more convincing," Wood said.
This week's attacks are similar to ones that took place in June and September. In the September attack, more than 1,000 senior executives were sent messages with an apparent Word attachment that contained an embedded executable file. The June attack, which also targeted senior executives, purported to be an invoice.
The latest attack claiming to be from the Better Business Bureau is still ongoing, said MessageLabs. The Better Business Bureau has also been imitated before in a number of phishing attacks.
- Social networking: 3G's killer app?
- Half of employers ban Facebook
- Social networking driving server sales
- Think before you mail, advises IBM
- Facing the past and future at Facebook
- Unified communications come together
- Microsoft bags a stake in Facebook
- Google: Businesses can benefit from video sharing
- Facebook: A boon to business security?
- Vendorboard: Freeing yourself from inbox tyranny
- How to use social networks for business gain
- Google reveals its social side
Did you find this article useful?
2 out of 2 people found this useful
- Share this article:
