[ISN] Report: Attackers sent Google workers IMs from 'friends'

From: InfoSec News <alerts_at_private>
Date: Tue, 26 Jan 2010 00:54:35 -0600 (CST)
http://news.cnet.com/8301-27080_3-10441004-245.html

By Elinor Mills
InSecurity Complex
CNet News
January 25, 2010

People behind the China-based online attacks of Google and other 
companies looked up key employees on social networks and contacted them 
pretending to be their friends to get the workers to click on links 
leading to malware, according to a published report on Monday.

"The most significant discovery is that the attackers had selected 
employees at the companies with access to proprietary data, then learnt 
who their friends were," the Financial Times reported. "The hackers 
compromised the social network accounts of those friends, hoping to 
enhance the probability that their final targets would click on the 
links they sent."

"We're seeing a lot more up-front reconnaissance, understanding who the 
players are at the company and how to reach them," George Kurtz, chief 
technology officer at security firm McAfee, told the Financial Times. 
"Someone went to the trouble to backtrack: 'Let me look at their 
friends, who I can target as a secondary person.'"

The attackers used a popular instant-messaging program to distribute the 
malware link to target employees, Kurtz said. The malware exploited a 
hole in Internet Explorer that Microsoft patched just last week.

[...]


Received on Mon Jan 25 2010 - 22:54:35 PST
