A Fresh Round of Targeted E-mail Attacks
Another series of sophisticated e-mail attacks was launched over the past 24 hours, addressing recipients by name and warning of complaints filed against them and/or their company with the Justice Department and the Better Business Bureau.
E-mail security firm MessageLabs said it spotted the spike in targeted e-mail attacks designed to look as though they were sent from the Better Business Bureau. The messages address recipients by name and list corresponding employer information both in the body of the e-mail and the subject line. The missives reference an attached "complaint," which is actually a screensaver (.scr) file harboring password-stealing software; Windows treats a .scr file as an ordinary executable, so opening the "complaint" runs the program.
Websense, meanwhile, is warning of a very similar attack made to look like an e-mail sent from the Justice Department, claiming that a complaint has been filed against the recipient's company. The attached "complaint" file is also a Trojan horse program wrapped in a screensaver file.
Websense reports that none of the major anti-virus products currently detects the malicious nature of the screensaver files attached to the new round of e-mails.
As we saw with recent, similar targeted attacks that spoofed the BBB and the Federal Trade Commission, this latest round is likely to be very successful. ID thieves and associated online criminals are taking spam and phishing scams to a new level, as they mine public and stolen databases to match e-mail addresses with real names and companies.
Bottom line: You cannot trust the information contained in the "from:" field of an e-mail. Opening unexpected e-mail attachments is an extremely dangerous practice. If you are not sure whether someone you know meant you to view an attachment, create a new e-mail (don't just hit "reply"), type in the sender's e-mail address, and ask that person whether he or she intended to send you an attachment.
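Both lures depend on the recipient double-clicking a screensaver file that, per Websense, no anti-virus signature yet catches. A structural check on the attachment itself needs no signature. The example below is added here and is not part of the original post: it parses an e-mail, flags attachments whose extension Windows will execute, whose name hides a real extension behind a benign-looking one, or whose bytes begin with the "MZ" header every Windows executable carries regardless of what it is called. The message it builds and the 62-byte "MZ" stub it attaches are constructed for the example and contain no real malware; the extension list is illustrative, not exhaustive.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly on double-click. A .scr is a PE executable
# with a different name. (Assumption: illustrative list, not exhaustive.)
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "hta", "msi"}
DECOY_INNER_EXTS = {"pdf", "doc", "txt", "jpg"}


def classify_attachment(filename, data):
    """Return the reasons an attachment looks like a disguised executable ([] if none)."""
    reasons = []
    parts = (filename or "").lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
    # "complaint.pdf.scr": a harmless-looking inner extension hiding the real one
    if len(parts) > 2 and parts[-2] in DECOY_INNER_EXTS:
        reasons.append("double extension")
    # Every PE file starts with the DOS stub magic 'MZ', whatever the file is named,
    # so a renamed .scr (e.g. "complaint.txt") is still caught here.
    if data[:2] == b"MZ":
        reasons.append("PE (MZ) header")
    return reasons


def risky_attachments(raw_message):
    """Parse a raw RFC 822 message and return [(filename, reasons), ...] for flagged parts."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reasons = classify_attachment(part.get_filename(), data)
        if reasons:
            flagged.append((part.get_filename(), reasons))
    return flagged


def build_sample():
    """Constructed lure shaped like the ones in the post; addresses and bytes are made up."""
    msg = EmailMessage()
    msg["From"] = "Better Business Bureau <complaints@bbb.example>"
    msg["To"] = "jane.doe@example.org"
    msg["Subject"] = "Complaint against Example Corp"
    msg.set_content("A complaint has been filed against your company. See the attached file.")
    fake_pe = b"MZ" + b"\x00" * 62  # only the DOS header magic; not a runnable program
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="complaint.pdf.scr")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in risky_attachments(build_sample()):
        print(f"{name}: {', '.join(reasons)}")
```

The check is deliberately independent of the sender, the subject and any anti-virus verdict: it asks only whether the bytes are something Windows will execute. It does not cover documents carrying macros or exploits, which is where the next round of lures tends to go once executables are blocked at the gateway.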
By Brian Krebs | November 19, 2007; 10:30 PM ET
Posted by: samy | November 19, 2007 11:48 PM
Better yet, just delete the email. The worst you have to lose is that someone might have to re-send the email. I do not take chances; e-mails from contacts not in my address book are deleted without question.
Posted by: Dan | November 20, 2007 12:15 PM
Dan, sorry, but that is beside the point. Viruses often come as unexpected e-mails from people you know, sent by spam robots from who knows where :-o.
Signing e-mails verifies that they were sent by a real person, and also confirms the sender's identity. You can even sign attachments.
I sign my messages with PGP, but sadly I have only a few people that I exchange encrypted mail with.
Posted by: samy | November 20, 2007 2:55 PM
As much as I wish signing was the answer, it isn't--at least not yet. People just aren't smart enough to know a real signature from a fake one. If a spam robot forged a name and simply appended a fake signature, to most people it's going to be just as good as the real thing:
-----BEGIN VERIFICATION SIGNATURE-----
wa435adf2309p/JsGz86uwqAQiP5Qf*LK8dakz86uwqAjkla
asdfsdfaZ31NzbGSOz86uwqAlvvDxSmVjGEM8kMri&^YOIUP
:KJkz86uwqAlj;lajksdfypiuoija;df9834aFNnHCFHeDwC
y7896asdetu62Zz86uwqA132GQQ6CA/29OBsmqUiks3igmYv
=Ti69
-----END VERIFICATION SIGNATURE-----
I use S/MIME on one account and even with it integrated into most clients, most people are unfamiliar with the idea, and I think my signature adds little weight over an HTML-formatted green bar at the top of a spam that says "Click here to verify the sender's information" and actually links to some downloader.
Unless there is some massive revolution that gets even small companies and individuals who don't work with government contracts to use S/MIME or PGP, I don't think it's the answer. I think we've got a better chance of getting most mail servers to support SPF (www.openspf.com) and Sender ID. It isn't as ideal as everyone being a computer genius and implementing/understanding PGP or S/MIME, but it is a big step in the right direction and doesn't rely on savvy users.
Posted by: MarvinK | November 20, 2007 8:10 PM
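MarvinK's point about SPF, worked through as an added example rather than anything from the post or the commenters: the evaluator below implements the ip4, ip6 and all mechanisms of an SPF record (with the +, -, ~ and ? qualifiers) against a sending IP, using constructed records in place of DNS TXT lookups; the domains and addresses are made up, and include/a/mx/redirect, which need live DNS, are deliberately left out. It also shows the caveat that matters for the lure in the post: SPF is evaluated on the envelope sender (the SMTP MAIL FROM), not on the From: header the recipient sees, so a passing result says nothing about a displayed "Better Business Bureau" address unless the receiving side also compares the two domains.

```python
import ipaddress
from email.utils import parseaddr

# Stand-ins for DNS TXT records (assumption: constructed for this example).
RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record for sender_ip.

    Returns one of pass, fail, softfail, neutral, none. Mechanisms needing DNS
    (include, a, mx, redirect) raise rather than silently passing.
    """
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no qualifier means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]  # "all" always matches; usually the last term
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"mechanism '{mech}' needs DNS and is not handled here")
    return "neutral"  # no mechanism matched and no "all": SPF's default result


def check_envelope(mail_from, sender_ip, records=RECORDS):
    """SPF result for the envelope sender's domain, or 'none' if it publishes no record."""
    domain = mail_from.rpartition("@")[2].lower()
    record = records.get(domain)
    return "none" if record is None else evaluate_spf(record, sender_ip)


def envelope_matches_header(mail_from, header_from):
    """The check SPF alone does not do: is the From: the reader sees the domain
    that SPF actually vouched for?"""
    _, addr = parseaddr(header_from)
    return mail_from.rpartition("@")[2].lower() == addr.rpartition("@")[2].lower()


if __name__ == "__main__":
    # A spam robot relaying through a host example.com authorized: SPF passes,
    # yet the displayed From: still claims to be the BBB.
    mail_from, header_from, ip = "bounce@example.com", "Better Business Bureau <complaints@bbb.example>", "192.0.2.10"
    print("SPF:", check_envelope(mail_from, ip))
    print("From: header covered by that result:", envelope_matches_header(mail_from, header_from))
```

The last two lines are the point: the mechanism does not rely on a savvy user, but it only ever answers "was this host allowed to send for the envelope domain?". Sender ID's PRA variant tried to extend the same idea to the visible headers; whatever the receiver uses, the displayed From: is only protected if something compares it against the domain that passed.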
so the solutions for windows users are:
1. delete all email and if it is sent again it must be O.K.
2. get a real computer
3. do nothing
Posted by: john | November 21, 2007 2:08 AM
not being very tech savvy, I delete all unknown-origin messages to be safe.
But if messages from known contacts can contain embedded (is that the right jargon?) attachments, how can I be safe opening them?
(and I've long suspected all these pass-along collections of puppy and kitten pictures, and feel-good animations, so I don't open most of my dear MIL's emails!)
Would this work? Say I create an email to send, and include the line at the bottom: "NO attachments being sent. If an attachment appears, do not open this email. Contact me directly via 'new message'", then sign using a nickname.
Posted by: sue | November 21, 2007 10:22 AM
Snobs are lame.
Posted by: phread | November 21, 2007 10:45 AM
The truth here is that you'll never be 100% safe. The authors of these virii and spam emails own spam filters and anti-virus products, and they test against them. Why would they risk getting any of their IPs blocked without a successful campaign? Or just have their malicious payload picked up by AV software? Even though these businesses are often quick to update definitions and signatures, it is still a reactionary business. What you need to be is vigilant and informed, and if it looks strange, it's trash. Oh, and Mac guy up there, don't be all elitist; they're writing more for you now too. Welcome to the grown-ups' table.
Posted by: phread | November 21, 2007 11:00 AM
If any agency of the government, or any serious entity for that matter, is considering legal action against you, they MUST notify you by (gasp!) regular mail.
You will get a letter, probably a traceable certified letter, and it will probably have independently (ie, listed) phone numbers to contact.
Guys - we're to enamored of email!
Anything serious from outside your company will come in the mail.
Until it does, delete, delete, delete...
GV
Posted by: Gavino | November 21, 2007 11:48 AM
I meant "independently verifiable (ie, listed) phone numbers".
Also, I meant "We're too enamored of email".
Shoulda hit preview, as I will now...
Posted by: Gavino | November 21, 2007 11:51 AM
Yes--and even if it isn't a virus, that doesn't mean it can't be a scam. The problem with standard email lacking any reasonable authentication applies to EVERY operating system and user. Putting a fake signature in some sort of phishing email can be just as effective for overly trusting Mac or Linux users--just like overly trusting Windows users.
People do need to be vigilant--regardless of operating system.
Posted by: MarvinK | November 21, 2007 11:53 AM
every system is theoretically vulnerable to viruses and the like, but unix-derived systems like linux are much harder to crack than the silly microsoft junk.
Posted by: | November 21, 2007 3:45 PM
sue: Sorry, but you're solving the wrong problem. Current viruses (not "virii") don't attach anything to messages you send yourself, they infect your computer so it sends out messages all by itself.
Marvin: if the email program could automatically detect when a PGP signature isn't valid, that would be a large step in the right direction. This should not even be very hard to do technically, it's just that PGP stuff isn't standardized to the point where it would not be somewhat error-prone.
Posted by: h0m3r | November 23, 2007 3:13 AM
Vista Mail Server Exchange Secure Encryption would solve all of these problems! TRUST VISTA! I do!
Posted by: steve ballmer | November 24, 2007 7:41 PM
It's not only online. A lot of terrestrial spam implements tricks to get people to open stupid envelopes. Envelopes made to look like official govt correspondence etc.
Posted by: Rick | November 26, 2007 12:28 PM
So how do you remove this trojan? I don't have McAfee but I have Symantec Endpoint Protection and it doesn't appear to be detecting this as a virus, and one of our employees clicked on it. Any help would be great! Is our network in any type of danger? These attachments are bad news any way you look at it. You can tell employees over and over not to click on one from someone you don't know, but when something new like this comes and looks legit they don't even think twice! Man, email needs to be fixed...it's the biggest security risk. Maybe disable attachments via email altogether and just use some other service?
Posted by: Jim | December 3, 2007 10:42 AM
how do i get rid of it as some of the people at my company have already clicked on this???
Posted by: gr8wall | December 4, 2007 10:45 AM
Are you looking for
amlodipine
amlodipine ?
Posted by: Kelly | December 19, 2007 5:20 AM
REIMAGE/REFORMAT THERE IS NO OTHER HELP OUT THERE... I CHECKED
HAHA "were you looking for entry removal?"
no.. lmtry has hosed my CIO's outlook 2007
stupid google. your sponsored ads are poison
Posted by: jason.instinct | December 20, 2007 3:38 PM
PGP - the "From:" field has been easy to spoof for years, even using standard Outlook or Thunderbird e-mail software ... use PGP signatures for the messages you send out. Check out enigmail.mozdev.org