CPJ’s Top Official gets Phishing E-mail from Sister Organization

During the end-week of August 2012, Joel Simon, Executive Director (ED) of CPJ abbreviation for 'Committee to Protect Journalists' got one e-mail, which seemed as being dispatched from the id of Rony Koven, co-worker and employee of 'World Press Freedom Committee,' the sister organization of CPJ, published ZDnet.com dated September 4, 2012.

It maybe noted that CPJ represents one NGO, which combats for safeguarding journalists working at relatively high risk as also shield free press breaches worldwide.

Reportedly, Rony Koven's name was wrongly spelled as Rony Kevin in the e-mail while the Yahoo account from where the message originated wasn't either of his.

With a header, "Fw: Journalists arrested in Gambia," the fake e-mail had boilerplate text content regarding recently jailed reporters. This was followed with a request to examine the attachments to get additional info. In reality, the criminals 'copy-pasted' the text available inside 'Article 19 alert,' state reports. The attachment contained a zipped file given the name, "Details" that was apparently password-protected having CPJ as the characters.

Luckily, CPJ's staff-members act very carefully with unknown attachments.

In the current case, the institution quarantined the e-mail, which it subsequently assessed within one secured computing environment.

During the assessment, CPJ staffers discovered that the zipped attachment had one replica of Article 19, a few photographs (precisely 3) showing Gambian journalists, as well as one malevolent Windows executable falsely depicted like a graphic file.

And whilst this executable was run, it clearly showed like malware that worked behind the scene while exchanged messages from the ED's PC onto another server, which, according to Morgan Marquis-Boire a security researcher from Citizen Lab, traced to Indonesia.

Analysts found that the malicious software would get loaded within a harmless place on the PC from where it'd run automatically. A standard function would release the malware file, while comments followed in the Chinese language.

Danny O'Brien, Internet Advocacy Coordinator at CPJ e-mailed the administrative address of the computer-server of Indonesia, but it didn't help in tracing the phishers. Neither did the executable file's Chinese language suggesting the toolkit that created the malware as having Chinese components, observed O'Brien.

Related article: CEFCU Customers Face phishing Scam Heat

» SPAMfighter News - 9/17/2012