If you’d like to know what a targeted e-mail attack looks like, take a look at samples posted today by antivirus maker F-Secure.
The screen shots, pulled from malware analysis blog contagio, clearly show a greater attention to detail and grammar than the usual clumsy attack e-mails that stand out like a sore thumb. The first two samples in F-Secure’s post lack any clear clues, while the third has some capitalization errors but no laughable grammatical mistakes.
These types of polished attacks are typically sent to high-value targets, and are comparitively uncommon. For instance, last January Google said it was hit by targeted attacks.
But while the contagio samples don’t immediately stand out, they do share a common thread: All have a .pdf attachment. F-Secure warned last year that .pdf’s have become the attack of choice for targeted attacks, and these samples support that warning.
A .pdf attack document almost certainly goes after a flaw in an Adobe program. Keeping up with Adobe patches will help blunt an assault, but if a targeted threat is paired with a zero-day attack against an Adobe flaw, you can still get infected even if your software is up-to-date. Your best defense against a pdf-based exploit is to open it with an alternate program, such as the Foxit reader or even Google docs.