A provider of online security services has uncovered a highly sophisticated phishing scheme that has already duped at least 1,400 US executives. They were fooled into sending sensitive information in response to an email purporting to come from officials at the Better Business Bureau. The ruse starts with an email addressed to …
Why don't they attack congress(wo)men like this...
Maybe if our (USA) lawmakers get attacked and nasty details are published, it MIGHT (sometimes I doubt it though!) get some action. Unfortunately most lawmakers don't directly read their email as it is probably all printed out for them.
For those in the UK, s/congressman/MP/ .
Of course, a good secondary target might be executives at the Direct Mail Marketing Association.
In the mean time, we can only hope that someone will "get a clue".
Just how did reverse engineering the browser's helper object let Joe Stewart know that 1400 execs had taken the bait ?
And why am I now reluctant to click on his company's link ?
Nice to see...
that browser helper objects are still loaded by default. The functionality can be disabled. During my time in the internet security field, I came up with a proof of concept which showed exactly how a BHO might do this exact thing. Kind of strange to see it popping up in the wild some 6 years later. We informed MS at the time that it was a massive security risk. Especially given the rapid popularity online banking was gaining. Everything changes, but of course, nothing changes.
You'd have thought they'd known by now
Yet another ruse that targets IE.
One wonders how M$ can carry on so much about 'security' when their browser continues to be as secure as a wet paper bag.
When will the corporates grow up?
"something fishy" can you read?
Reverse engineering lead to finding a website, finding this website lead to the discovery of data for 1400 execs. So what's fishy about that?
Why target our lawmakers (Congress, MPs, etc)? They were looking for information of value, not the stuff that goes into laws. That's useless, even more so once it gets published.
Now lobbyists. I'd pay for that information.
Catch and Release ?
Let's see ... I'll develop an effective hook, hand-craft at least 1400 emails and after all my trouble I'll "store" my precious catch in a public place.
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- 20 Freescale staff on vanished Malaysia Airlines flight MH370
- Neil Young touts MP3 player that's no Piece of Crap
- Review Distro diaspora: Four flavours of Ubuntu unpacked
- Sysadmins and devs: Do these job descriptions make any sense?