Meet NEWT. |
|
April, 2008 A new twist on a well-used targeted attack disguised as a subpoena from the United States District Court has duped unsuspecting corporate exeutives to visit a website where they are infected with key logging software and backdoor access. The new attacks, which are similar to those used February of 2008 claiming to be from the Better Business Bureau, are targeted directly at the executive office. The fake subpoena includes the executive's name, company name and telephone number, thus increasing the apparent legitimacy of the email. When the recipient of the email clicks on the included link to download additional documention the subpoena, they they are asked to download and install an ActiveX Control in order to use the page by clicking "Yes". Clicking "Yes" triggers a download of malware onto the users system. Click here to see full-size of image at left. Unlike previous threats, users must click on the link to activate the malware download. It is recommended that users do not click on any links in the email to visit questionable sites. Because it is a targeted attack, this type of malware attack is not typically blocked by filters looking for high-volume attacks. In addition, the attack circumvents traditional anti-virus methods by shifting the attack to the web, and therefore avoiding signature-based AV gateways. Anyone who receives an email from the United States District Court and wishes to review relevant documentation should visit the Court's webpage directly from their browser by typing in uscourts.gov. You may also view the offical news release concerning these fake subpoenas by visiting the US Court Newsroom page. |