Phishing Attack Summoning US CEOs to Court Gains Computer Access
According to security researchers at the SANS Internet Storm Center, thousands of CEOs (chief executive officers) in the US became targets of a new phishing scam on April 15, 2008. The scam distributed e-mails summoning recipients to provide testimony in national court.
Victims of the attack are directed to a fake site, where they are asked to load a browser plug-in in order to view the court documents. In reality, that software gives criminals access to the user's computer.
Thus, the attachment supposedly containing the order is in fact a data-stealing Trojan, said John Bambenek, a handler at the Institute's Internet Storm Center and an information security researcher at the University of Illinois in Champaign, as reported by SCmagazine on April 14, 2008.
The malicious executable creates a BHO (browser helper object) and a concealed window in Internet Explorer, and facilitates interaction with a Singapore-based command-and-control center. It also installs malware such as a keystroke-logging program. The BHO even steals the recipient's digital certificates from the computer.
Bambenek said that because the targets are company CEOs, notifications or e-mails carrying the officer's digital signature could appear authoritative.
The scammers in this digital assault have been identified as the same people who were behind the phony e-mails purportedly from the BBB (Better Business Bureau). However, the senders have been lax in this latest run. Indications that the message is fraudulent are evident from the unconvincing headers, fake numbers for different cases, and errors in spelling and grammar.
Sam Masiello, Director of Threat Management at MX Logic, said that the e-mails employ social engineering tactics such as using the recipient's full name, the organization's name and the office phone number, all of which set them apart from the usual junk e-mails, as reported by SCmagazine on April 14, 2008.
The method used in the current attack, which targets C-level executives, is called "whaling." The name implies that the hook is cast for the biggest fish: individuals who are more affluent and who stand to lose more, both professionally and personally, than ordinary people would.
» SPAMfighter News - 19-04-2008