Security experts warned this week of two separate e-mail attacks launched Monday that take aim at specific individuals within corporations.
The first attack, detected by MessageLabs was sent to more than 400 individuals at financial institutions, with the e-mail addressed specifically to that individual and purporting to be a complaint from the US Department of Justice.
A second attack, spotted three and a half hours later, was similar, but claimed to be from the Better Business Bureau. In both cases, the e-mails contained malicious attachments that could lead to the recipient's system being taken over.
Want to know more?
-
For all the latest news, analysis and opinion on security, click here
The trojan horse that gets installed on a computer allows an attacker to have remote access to the machine, but MessageLabs security analyst Paul Wood said the attacker's exact purpose was not clear. "Once they get access to the machine remotely, they can use that machine for anything," Wood said.
Although it is likely the two attacks are related, Wood said, their attachments and delivery mechanisms varied somewhat. The attack spoofing the Justice Department contained an executable program within a zipped file with the extension .scr, typically used by screen savers. In the attack spoofing the Better Business Bureau, the attachment was a Rich Text Format document that contained an executable program disguised as a PDF file.
The rise in specifically targeted e-mail attacks has been of significant concern to security experts. Such attacks are both harder to detect than mass phishing attacks, and more likely to be acted on given the fact they are customised to their recipients, including things such as their name and official title.
In its annual "Security Intelligence Report", issued last month, Microsoft reported a steep rise in such attacks. Wood said that his company started seeing attacks aimed at specific individuals back in 2005, but at the time it saw maybe two such attacks a week. By last year, it was seeing one per day; this year, that number has risen to an average of ten per day.
One of the big reasons behind the increase is the availability of toolkits that enable criminals to essentially have a template for the attacks, wherein they need to fill in only the targeted information.
"A year or two ago you would have to be fairly technically sophisticated in order to create these attacks," Wood said.
Wood added that the rise of social networks like Facebook and professional networks such as Plaxo and LinkedIn are making it easier for attackers to do their homework on potential victims.
