Phishers Spoof E-mail from NPRC Complaining Payroll Fraud
In an alert notification about e-mail, Websense Security Labs published on its website on January 8, 2008 that a new attacking e-mail is spoofing a message purporting to be from the NPRC, i.e., National Payroll Reporting Consortium.
The phishing e-mail complains that the company of the recipient has made multiple misrepresentations in worker classification in order to bring down compensation expenses. The e-mail then instructs the recipient to put the necessary information in a form attached with the e-mail and send it by fax to the fraud department of the NPRC so that the issue can be resolved.
But Director of Rapid Response, Matt Richard, at VeriSign Defense said that the form actually carries a Trojan designed to load malicious object as a browser helper that seizes user details from online forms. SCMagazine published this in news on January 9, 2008.
Richard said that the Trojan becomes active every time data is typed into the form. It then collects that data, saves it and finally transmits it to the website of the attacker, as reported by SCMagazine.
The latest NPRC attack resembles several earlier scams that were highly publicized and which purported to be from non-profit and government organizations like the Better Business Bureau, Department of Justice and the Internal Revenue Service.
According to Websense Security Labs, a criminal group based in Romania is behind the new attack, which is responsible for approximately 30%-40% of phishing e-mails laden with Trojans. Also, in 2007, a similar assault was waged when three groups across the border launched 50%-75% of such attacks.
Richard found that the three groups were different in that they chose different types of malware to propagate.
Richard said that that these series of attacks have been brilliant and terrible because none of them uses a hi-tech method to plant their malicious code. They have been neither exploiting zero-day vulnerabilities nor authoring exploits that require plenty of effort and work; rather, they have been using social engineering techniques that only require creativity. Richard said that each attack reaches an estimated 1,000 to 10,000 users, with around 20%-30% falling as victim. SCMagazine published this.
Related article: Phishers Expand Their Sphere of Attacks
» SPAMfighter News - 21-01-2008