ariastar
04-16-2008, 09:37 PM
There's a type of attack going on right now that has companies freaking out and the anti-spam/AV industry racing around like chickens with our heads cut off. Any time a whaling attack happens, it gets the higher-ups in "Protect me!" mode because whaling is targeted at CEOs and other people in higher positions. So yeah, this gets made into a bigger deal than DHA attacks that target everyone else in a company.
This one is actually very good, and we need more samples of it. The whales (the "big fish," though whales are mammals) are receiving messages that appear to be a subpoena from the San Diego court system, and they include personal information, such as the recipient's name and contact information. They look very real, but everyone should know a subpoena is sent in person. Still, when something sounds highly legal and addresses you by name, you're more inclined to check it out.
There's a link included for more information. Since not many CEOs want to risk running afoul of the law, and their assistants are likely to research any messages like this before sending them on, people are clicking these links that download a trojan and begin to record key strokes. Only about 40% of these messages are being caught by any AS/AV software.
We've got a few examples and have applied signatures where possible, to the virus itself to catch it with AV and to the message to get the AS to catch it (Bayes doesn't give it a low enough score to throw it into junk mode). But we need more. One of our CEOs has been running around panicking all day and interrupted meetings to say we need to be on top of this right NOW and why didn't we bring it to his attention, blah blah. Well, most of us deal with junk and virus messages that get through and how to stop them. We don't sit there all day looking at stuff that was sent to junk unless people report something in their junk boxes as not being junk. And then we deal with it. Apparently we ARE catching it, so of course we wouldn't see it.
Anyway, we need more of these messages. If you get one, or any message that is targeted (as in by name rather than a completely generic message that's "Dear Valued Customer"), could you please save it as .eml if possible, and contact me?
Thanks.
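As an added example that is not part of the original post: a small triage script for the kind of .eml samples the post asks people to save. It uses only the Python standard library, parses a constructed stand-in message (not a real sample of the subpoena campaign), and flags the traits the post describes: the recipient addressed by their own name in the body, legal-pressure wording, and a link that points at a downloadable executable. The scoring thresholds, the keyword list and the `.example.invalid` domains are assumptions chosen for illustration.

```python
import re
from email import policy
from email.parser import BytesParser

# Constructed stand-in for a reported message; not a real campaign sample.
SAMPLE_EML = b"""From: "Clerk of Court" <clerk@court.example.invalid>
To: "Jane Doe" <jane.doe@example.invalid>
Subject: Subpoena in civil case (constructed sample)
Date: Wed, 16 Apr 2008 09:00:00 -0700
Content-Type: text/plain; charset="us-ascii"

Jane Doe,

You are hereby commanded to appear. Download the subpoena here:
http://subpoena-download.example.invalid/case.exe

Office of the Clerk
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Assumed keyword list for "sounds highly legal" wording.
LEGAL_TERMS = ("subpoena", "court", "commanded to appear", "hereby")
# Assumed list of extensions that should never be a "more information" link.
RISKY_EXT = (".exe", ".scr", ".zip", ".pif", ".com")


def parse_eml(raw: bytes):
    """Parse raw RFC 5322 bytes with the modern email policy."""
    return BytesParser(policy=policy.default).parsebytes(raw)


def body_text(msg) -> str:
    """Return the text body, preferring text/plain over text/html."""
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def recipient_display_name(msg) -> str:
    """Display name from the first To: address, or '' if none."""
    to = msg["To"]
    if to is None:
        return ""
    addrs = getattr(to, "addresses", ())
    return addrs[0].display_name if addrs else ""


def triage(raw: bytes) -> dict:
    """Score one reported message; higher score means escalate sooner."""
    msg = parse_eml(raw)
    text = body_text(msg)
    lower = text.lower()
    name = recipient_display_name(msg)
    urls = URL_RE.findall(text)
    findings = {
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        # Targeted by name: the To: display name reappears in the body.
        "personalized": bool(name) and name.lower() in lower,
        "legal_pressure": [t for t in LEGAL_TERMS if t in lower],
        "urls": urls,
        "risky_download": [
            u for u in urls if u.lower().rstrip("/").endswith(RISKY_EXT)
        ],
    }
    score = 0
    if findings["personalized"]:
        score += 1
    if findings["legal_pressure"]:
        score += 1
    if findings["risky_download"]:
        score += 2
    findings["score"] = score
    # Assumed thresholds: 3+ escalate, 1-2 review, 0 low.
    findings["verdict"] = (
        "escalate" if score >= 3 else "review" if score >= 1 else "low"
    )
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_EML)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it on a directory of saved .eml files by calling `triage(open(path, "rb").read())` for each; messages that score "escalate" are the ones worth handing to whoever is writing AV and AS signatures first, while the "from", "urls" and "risky_download" fields give the indicators to block at the gateway.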