DoJ Spoofed in Spam Claiming a Complaint

Researchers at anti-spam company, MX Logic, have uncovered a series of fake e-mails pretending to arrive from the DoJ (Department of Justice) carrying malicious attachments.

The subject title refers to an update of a complaint indicating a complaint number while the main message contains information on a claim filed against the recipient's company. The phony e-mail also contains an attachment of 124K size and shows the name as 'complaint.zip.'

Director of Threat Management, MX Logic, Sam Masciello, said that the e-mails don't seem to target anyone with information although they somewhat resembled the spam in May-June 2007, aiming at C-level executives, as reported by GCN on February 29, 2008.

The new attack associates with low e-mail traffic and arrives slowly while escaping detection. Sometimes it seems to peak to hundreds of e-mails per hour and then drops significantly. While the e-mails still flow in, some of their IP address has been traced to Italy.

The mail has a well-formatted structure also captures an image from the Website of DoJ. However, the message body contains misspellings and grammatical errors. One example is that of an incorrect spelling of 'filed' written as 'filled'. Same mistake was also found in e-mails of 2007.

The attack of e-mails in 2007 contained keylogging software as its malicious payload. Similar to those messages, the current e-mails specify the names of the recipients and their companies in the body text making them appear credible. This way the fraudsters attempt to lend some authenticity to their scam.

High-profile executives are usually favorable targets for online criminals because they deal with vast amounts of sensitive company information. They also are at greater security risks, as they tend to operate above the organization's security policies that protect its data. They are busy and mobile and prefer to use up-to-date gadgets while often remain less aware of their technology and risks associated with it.

The sloppiness involved in spam represents a common defect in the social engineering used. However, the presence of misspellings and same name of the attachment in all e-mails make it easy to block the particular spam, said Masciello.

Related article: Dixie College Suffers Data Hack

» SPAMfighter News - 3/12/2008