Phishing E-mail Purports to be from US Federal Agency

A new phishing scheme is targeting users with e-mails carrying malicious attachments posing as federal complaints, researchers warned on December 14, 2007.

Vice President of security research, Dan Hubbard, at Websense said that the attack this time was using the name of the US Department of Treasury. Like the attacks launched over the past many months, this one too claims to issue a complaint blaming the recipient and her or his company. SCMagazine published Hubbard's statement on December 14, 2007.

Hubbard said that the scheme is similar in nature to the spear phishing attacks recently operated that targeted executives. Those attacks exploited the names of IRS, BBB and the Federal DOJ to lure recipients.

The new phishing e-mail has .pif file attachment that poses to lodge a complaint blaming the recipient and includes his and his employer's names in a list to appear more authentic. But the attachment is an executable consisting of a downloader, which on clicking leads to a malware-laden website containing a data-stealing Trojan.

The e-mail message uses high-quality social engineering methods to lure victims. The tactic is one of personalization, Hubbard explained as the message associates the recipient to a prominent government agency that makes one ponder. The recipient starts to think he is in trouble and this way, the e-mail grabs his attention.

The attack does not hunt for vulnerability to exploit and no signature exists to defend users against the malicious Trojan. But that doesn't necessarily make the variant perfectly successful. Many organizations have been able to block the executables.

Tricks similar to this were employed to hack the US' Oak Ridge National Laboratory, a Tennessee located research center for the Department of Energy. In that attack, hackers sent out seven separate e-mail messages, Thom Mason, Director of Oak Ridge, had said. One message pretended to be an advice to employees about a Department of Defense organized scientific conference. Another posed to be a notification from the FTC. Mason admitted through a memorandum in the first week of December 2007 that 11 members of the staff became victims to the phishing e-mails. World Peace Herald reported this on December 12, 2007.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 12/27/2007