In the wake of several lawsuits, mergers, and hostile takeover announcements, there is a new targeted Phishing campaign taking place online that singles out top executives. According to a report from SANS ISC, and several online news sources, the Phishing attack sends what appears to be a federal subpoena to company CEOs.
Spear-Phishing is nothing new. Targeted Phishing attacks have been used in the past in attempts to exploit Microsoft Office vulnerabilities. They have also been used to target mid-level office workers in order to leverage attacks on several applications, such as exploits for PDF files and QuickTime.
The interesting thing, according to SANS, is that this was a low-volume attack: only about two thousand CEOs were targeted. Lawyers can verify that federal courts do use an electronic notification system.
The catch is, “You know what a CM/ECF email looks like. They are all formatted exactly the same and do not come with any pleading attached or inline with the e-mail itself. All CM/ECF emails follow the same general format, have the same syntax in their subject, and look very form-based in the body. You've gotten thousands of these, if you see something radically different, I would log in directly into the CM/ECF system and check the docket record directly,” John Bambenek of SANS said in a Diary post.
He adds that it would be wise for those with access to check the CM/ECF system to confirm the email. “It would be nice if the CM/ECF e-mails were PGP signed or otherwise digitally signed to ensure authenticity and this scam might encourage them to take that step. However, key point, if you are not a lawyer (or not representing yourself pro se and have ECF access) you will never get an e-mail from the court.”
The email leads to a website that requires you to download and install, you guessed it, a browser add-on. The download is a CAB file with acrobat.exe. On the back end, it will open a hidden window and communicate with a server in Singapore.
As SANS pointed out, unless you are a lawyer, you will never get this type of email. If you do, forward it to the IT team, NOT the legal department.
VirusTotal scores for the variants:
http://www.virustotal.com/analisis/13bfb6913f9c328c7b657fce4ba4c731
http://www.virustotal.com/analisis/7a22ddc5aac588d069fc59e989b6ad0f