diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Trojan targets top executives

Top-level employees of publicly listed companies are being targeted by cybercriminals using malware-infected RTF documents disguised as recruitment letters.

Security company MessageLabs reported that 1,100 e-mails containing malware-infected RTF (rich text file) attachments were recorded over a 16-hour period this month. Four separate waves appeared between September 13 and 14, the company said.

“All (the e-mails) were going after (top-level) management. The e-mails included the company name in the subject field, purporting to be a recruitment company. What it had in the attachment is an executable RTF file,” a MessageLabs representative said.

Similar e-mails were noticed in June, the representative said.

The e-mail, which contains no body text, includes a .scr screen-saver dummy file within an executable RTF file, the representative said. When recipients attempt to open the file, a message is displayed stating: “Microsoft has encountered an error and had to close.” The recipient is then advised: “To view this, double click on the message.”

Once activated, the RTF file starts a chain of downloads that establish a secure connection between the attacker’s server and the infected computer.

The top-level nature of the targets clearly indicates that the attackers are after information, the MessageLabs representative said, but the greater concern is the social-engineering technique used to spread the Trojan-harboring e-mail.

“The way that this works has the potential to be so effective. You are getting that top-down approach–if they forward that e-mail on internally, that e-mail is coming from a trusted source,” he said.

Full Article

Malware, Trojan, RTF, Document, Email, E-mail, HRD, Recruitment, Employment, Resume

Share This Story, Choose Your Platform!

Do NOT follow this link or you will be banned from the site!