Spear Phishers Hunting PR Firms and Lawyers, Says FBI
The FBI today warned that scammers using uniquely spoofed subject lines designed to engage recipients with specific business content, are targeting U.S. law and public relations firms with spear phishing e-mails containing malicious payloads.
The FBI said that the e-mails seem to originate from a trusted source based on the relevance of the subject line and hackers are trying to exploit the ability of end users to launch the malicious payloads from within the network by attaching a file to the message or including a link to the domain housing the file and enticing users to click the attachment or link.
Once executed, the malicious payload will attempt to download and execute the file 'srhost.exe' from the domain 'http://d.ueopen.com'; e.g. http://d.ueopen.com/srhost.exe. Any traffic associated with 'ueopen.com' should be considered as an indication of an existing network compromise and addressed appropriately.
The malicious file does not necessarily appear as an 'exe' file in each incident. On occasion, the self-executing file has appeared as other file types, e.g., '.zip', '.jpeg', etc.
The FBI meanwhile states that fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Other spam entices users to download an application or view a video. Some spam appears to be sent from users' "friends", giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected, the FBI stated.
Another fraudster favorite involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software, the FBI stated.
Other malicious software gives the fraudsters access to your profile and personal information. These programs will automatically send messages to your "friends" list, instructing them to download the new application too, the FBI stated.
Earlier this month the FBI warned that cyberthieves were hacking into small- and medium-sized organizations and stealing millions of dollars in an ongoing scam known as ACH (automated clearinghouse) fraud that has moved about $100 million out of US bank accounts.
Then in September, the FBI warned that three separate e-mails making the rounds that promise access to FBI terrorism reports are nothing more than malicious software looking to steal your personal information.
The FBI warning follows a report issued this week that was critical of US national cybersecurity in general. The Government Accountability Office said: "The growing connectivity between information systems, the Internet, and other infrastructures creates opportunities for attackers to disrupt telecommunications, electrical power, and other critical services. As government, private sector, and personal activities continue to move to networked operations, as digital systems add ever more capabilities, as wireless systems become more ubiquitous, and as the design, manufacture, and service of information technology have moved overseas, the threat will continue to grow. "
The GAO said the three most prevalent types of incidents reported to US-CERT during fiscal years 2006 through 2008 were "unauthorized access (where an individual gains logical or physical access to a system without permission), improper usage (a violation of acceptable computing use policies), and unconfirmed incidents that are potentially malicious or anomalous activity deemed by the reporting entity to warrant further review."