New emails address you by name, then try to hose your PC
Spear and spell
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Beware of emails that mention you and your company by name and claim to be official communications from the US Department of Justice. They're phony and will attempt to install malware on your machine.
The emails, which claim to reference a complaint recently filed by a business associate, invite the recipient to click on an attachment that contains a nasty Trojan, two separate security firms, MessageLabs and Websense, are reporting.
The practice of trying to extract sensitive information by sending highly personalized emails is generally called spear phishing, and it's proved to be successful in the past.
In May, security researchers from SecureWorks reported that emails purporting to come from the Better Business Bureau duped 1,400 business managers into installing a post logger on their machines. The loggers siphoned sensitive information that passed through the victims' Internet Explorer browser, including social security numbers, account numbers, and data that normally would be securely cloaked behind SSL defenses.
Spear phishing emails are notable for their impeccable grammar and spelling, a characteristic that distinguishes them from many of the plain vanilla phishing scams out there. Other recent spear phishing campaigns have masqueraded as emails from the Federal Trade Commission.
According to Websense, none of the major anti-virus companies detect the Trojan included in the fake Justice Department emails. That's likely to change in the next 24 hours, if it hasn't already. ®
COMMENTS
@library user
Ya know, if you were at home and people kept coming round and infecting your PC, you'd do something to stop them. Just because you're a (presumably public) library doesn't give residents the right to do anything they want. Read email bodies fine, open infected attachments? Surely not.
Our local libraries are subject to local council policies regarding IT. Corporate policies include website filtering and anti-virus and anti-spam packages. If all else fails there is corporate imaging to restore an infected machine. But nothing says "no" like a librarian when asked "can we open this attachment from the DoJ at our local library on our personal mail".
its not the users ...
it's the sysadmins. (And I'm including those who set up the computer for dear old aunt Doris here) If you are going to allow some IT illiterate an account which allows installing .exe progs on the machine, you shouldn't have the job. Come on, ladies & gents. Even win2k had the facility of protecting users from themselves. I'm writing this on a Vista box (blush) and I make sure that even I have restricted user privileges for general use - why in this day and age are people setting up accounts for the IT incompetent any other way?
There are more non-geeks than geeks
Doesnt matter how intelligent you are, but if you do not use a computer that often, you surely are in the position to fall for "spam scams(tm)".
My grand parents (and to some extent my parents) do not use the internet that much, so they dont know whats real and whats fake.
Telling fake from real is fairly hard. Take most of paypals spam, without looking where the links go (viewing the source is not something that most people would do) how can you tell if its legit or not.
Some of the spam scams dont even suggest logging in (although you do have to eventually), and to top it off they have a nice info at the bottom on how to spot fake emails...
@ M Brown
The difference between those "send me £999.999 and get 1 million" scams is the fact they dont pretend to be a legit company (i.e. pretend to be your bank) who is after your credit card details/personal info.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
