Targeted Trojan attacks executive PCs
Security service provider MessageLabs has described in their June 2007 Intelligence Report a spate of infected emails targeting senior corporate management and executives individually. Mails containing malicious Word attachments were addressed using the correct name and job title of the individual recipients. The trojans in the emails were intended to capture business information from the business computers of the recipients.
Emails were also sent to members of the the executives' families, presumably with the intention of compromising the home computer to capture confidential personal information. On June 26 alone, MessageLabs intercepted more than 500 individual email attacks targeted to senior executives in organisations worldwide.
According to the report, more than 30 per cent of attacks were targeted at persons with the title of a chief investment officer. Other victims held roles such as CEO (eleven per cent), CIO (nearly seven per cent) or CFO (six per cent). Almost 50 per cent of these e-mails were addressed to directors of research and development, managing directors and other board members. It seems that these criminals are now investing significant effort to gather information on their victims before launching an attack. The resultant convincing emails can often induce the target to open the malicious document even in this spam-aware age. The criminals apparently often use social networking sites such as Face Book, Linked-In, MySpace and Xing to gather intelliegence.
In their Intelligence Special Report "Targeted Attacks March 2007" published in April MessageLabs reported an increasing number of targeted attacks through manipulated Excel, Word and PowerPoint attachments in e-mails that exploit Office vulnerabilities. While in early 2006 only two such attacks were registered per week, 716 were intercepted in March 2007 alone, coming from 249 sources and addressed to 216 different organisations.
- MessageLabs Intelligence: June 2006, report by MessageLabs