[ISN] Hackers target C-level execs and their families

From: InfoSec News (alerts@private)
Date: Mon Jul 02 2007 - 23:12:04 PDT


By Jeremy Kirk
July 02, 2007 
IDG News Service

Hackers appear to have stepped up their efforts over the past year to 
trick corporate executives into downloading malicious software that can 
steal company data, according to new data released today.

MessageLabs Ltd., a security vendor that offers e-mail filtering 
services to catch spam and malicious attachments, caught an average of 
10 e-mails per day in May targeted at people in senior management 
positions, up from just one a day during the previous year, said Mark 
Sunner, chief security analyst.

Those 10 e-mails are a tiny percentage of the 200 million e-mails that 
MessageLabs scans every day, but the composition of those messages is 
alarming, Sunner said.

Many of the e-mails contained the name and title of the executive in the 
subject line, as well as a malicious Microsoft Word document containing 
executable code. The hackers are trying to trick the victims into 
thinking the messages come from someone they know, in the hope that the 
victim will willingly install, for example, a program that can record 

MessageLabs won't reveal what companies have been targeted, but it has 
contacted executives who have been names in the e-mails and discovered 
that the family members of the executives have also received messages on 
their own, noncorporate e-mail accounts, Sunner said.

Those methods suggests that hackers may be researching victims and 
culling data from social networking sites such as Linked In, MySpace or 
Facebook, Sunner said.

"If you really want to work out somebody's background ... you can 
actually find out a lot," Sunner said.

Tricking a relative into installing malicious code would offer the 
hacker another way to collect sensitive data if an executive decides to 
do some work on a home computer, Sunner said.

In June, MessageLabs picked up more than 500 of these targeted messages, 
with some 30% aimed at chief investment officers, a position that can 
include handling mergers and acquisitions. Other positions targeted 
include directors of research and development, company presidents, CEOs, 
chief information officers and chief financial officers.

Another danger is that the e-mails are often single messages sent to a 
single person, rather than a mass spam run. When hackers send out 
millions of messages, security companies often either update their 
software or change their spam filters to trap the bad messages.

But single messages have a higher chance of slipping through, although 
Sunner said MessageLabs' filtering service catches the messages by 
analyzing the e-mail's attachment and determining whether it is 
potentially harmful. Other security companies catch malware by updating 
their software with indicators, or signatures, to detect harmful code or 
block code from running based on what it does on a computer, a 
technology called behavioral detection.

Tracing where the messages come from is difficult because the sender's 
name is always fake, Sunner said. The IP addresses from which the 
messages were sent indicate that the computers are located around the 
world. Hackers often use networks of computers they already control, 
called botnets, to send e-mails.

"Certainly, people need to raise the level of vigilance," Sunner said.

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Mon Jul 02 2007 - 23:20:31 PDT