Beware of emails that mention you and your company by name and claim to be official communications from the US Department of Justice. They're phony and will attempt to install malware on your machine. The emails, which claim to reference a complaint recently filed by a business associate, invite the recipient to click on an …
I bet the US Department of Justice make a regular thing of randomly sending out attachments to people. It still amazes me that people will get drawn into clicking this stuff, but then my girlfriend does even though I've had to de-hose her laptop 3 times in a year.
Anyway if I get the mail I'm sure to click on the attachment. After all, being a UK citizen I have regular communications from the US DoJ don't I?
There should be the IT equivalent of a Darwin award for people who are stupid enough to get caught out by what seem to the rest of us to be quite obvious attacks. There'd be a lot given out though :)
Oh, come on...
Oh, come on, how does this make "news"?
"emails that mention you and your company" - Standard spam tactic, usually obvious because most people don't address you as Mr A User.
"claim to be official communications from the US Department of Justice." - and virtually anything that claims to be "official" via email ISN'T. How many people (who don't work in law) regularly get emails from the US Department of Justice that are genuine?
"They're phony and will attempt to install malware on your machine." - you don't say.
"The emails, which claim to reference a complaint recently filed by a business associate, invite the recipient to click on an attachment..." - Woop, Woop, Red Alert. Attachment. Invite to click Attachment. On unsolicited email. Welcome back, 1991.
"In May, security researchers from SecureWorks reported that emails purporting to come from the Better Business Bureau duped 1,400 business managers into installing a post logger on their machines." - then that's another 1400 businesses to blacklist and 1400 potential job candidates to have their CV's thrown in the bin.
"Spear phishing emails are notable for their impeccable grammar and spelling, a characteristic that distinguishes them from many of the plain vanilla phishing scams out there." - Oh wow. They can finally spell. Yes, the bad spelling was always a give away in the past but why do we make a whole new type of scam just because they learn to use a spellchecker?
"Other recent spear phishing campaigns have masqueraded as emails from the Federal Trade Commission." - No. Really. Another institution that probably NEVER sends email to anyone except for internal use. And certainly doesn't send it to Joe Bloggs who owns a company. And certainly not uninvited or anything "important".
"According to Websense, none of the major anti-virus companies detect the Trojan included in the fake Justice Department emails. That's likely to change in the next 24 hours, if it hasn't already."
Oh, come on, seriously. Why is this news? Idiots fall for quite obvious scam because of poor training, poor computer security, all because it was spelled correctly.
If you're gonna do this sort of article, can we at least name the 1400 "victims" publicly so that we can all raspberry at them.
It's the same as people who get these anonymous spam letters through the door that say something along the lines of "You have won £1,000,000, just send £999,999 to claim your prize" and think it's a good idea to reply to them.
I really wish the stupid would stop breeding
What is new about this kind of attack? Surely they've been around for years.
There IS a special IT Darwin award reserved for idiots who click links on spear-phishing emails. It's ver' special.
If you'd like to see it, click here.
I reckon if they came with "Nasty Trojan contained within this .exe, please extract and install having first disabled your AV software" in the subject line, your girlfriend would still do it. I know mine would, then make out I'm some sort of moron for:
1. Not having a secure network. "This wouldn't happen in work", of course not darling.
2. Not dropping everything to cleanse / reinstall the OS. Cyberstalking fat ex-schoolmates on Facebook is a serious business you know.
3. Not buying the good AV software (like Norton apparently) and for ignoring the "you may have a virus, click here to make absolutely sure you have" banner ads on doilookfatinthis.com
** This isn't an attack on Women, I realise chewing gum and walking in a straight line is an achievement for most of you, you can't be expected to deal with such matters. Any teckie chicks, please feel free to flame me.
Sure the title of this piece should be...
...Old Email Scam Article Masquerades as Breaking News on The Register
they could try...
I love people that try and install this stuff on my system, being a linux user, they don't really get very far. I like the fact that the majority use windows, it means there's less viri for me :)
Why in earth should any of the many intelligent, technically-competent women on this planet flame you? We're very pleased for you: you've obviously got the mate you deserve.
@ M Braun
You "wish the stupid would stop breeding"? After the revolution your eugenics programme will prevent folks who don't conform to your world view?
Lots of "stupid user" elitism going on here! Not everyone is an IT expert with a nose for the fake vs. the genuine. Ordinary people have to use our products too. If they were all IT experts like us, we wouldn't have cushy jobs as IT experts :-)
Move on please...
...no news to read here.
So where's the Mac version then?
I'm frustrated that these virus writers keep ignoring us Mac users. We are always being left out when it comes to malware, viruses and trojans.
There really is no excuse now especially when so many of the IT professionals that contribute to this journal keep telling us how insecure OS X is.
Now that Mac market share is up at around 5% and much higher than that amongst the more affluent of computer users, you would at least expect Macs to get around 5% of all viruses. Ha... if only, in your dreams mate.
I've spent the last 6 years double clicking on every attachment that I have found in spam email and you know what... Zilch. Nothing. Bugger all. Not one bloody pathetic infection or security breach... Not one. And I've even gone so far as to NOT install any AV software.
Does it matter? Well yes it does. This pathetic state of affairs is keeping Macs out of the enterprise as it seems no platform is allowed on the corporate desktop unless it has a comprehensive list of real world security issues.
And that really is a shame.
Plural of virus..
viri (which means 'men')
But then, being a Linux user, you should have known that....
a linux user...
Can you repost your message as the Click Here link doesn't work.
Of course, you could always email the self-extracting zip file to me.
Are people _still_ that stupid?
I think the story here is that, despite malware and phishing making mainstream news, some people are still stupid enough to fall for these.
RE: @ M Braun
It is not necessary to know anything about IT to know that these are a con -- it just requires the natural scepticism used in everyday life, if a similar thing came by snail mail would they fall for it? You're almost making it sound like it's software, or "IT"s fault that this kind of thing happens -- when the only way to prevent it is to stop idiots from using computers.
Can you hear that?
It's the sound of the Mac and Linux fanbois beating their way to the thread...
Of course the people that are likely to open these attachments are not likely to use Linux of any flavour but that won't stop the fanbois, oh no!
I thought OS X WAS a virus? ;)
Ok I'll grab my flame retardant coat now...
I know, Steven, you're right. It's a bit like getting Sean Connery to recite the nursery rhyme Sing a Song of Sixpence.
It's cruel and we know we shouldn't do it, but we just can't help ourselves... ;)
... for these emails. Not got one in my spambox. What's the chances of it being addressed to the name I use on the internet?
Or will someone have actually hacked a database with some *real* data in it?
Don't read this comment
I once, to prove a point, sent a few people a little VB application as an email attachment. The attachment was called "donotrunme.exe" and when you ran it, it came up with a box with a big button saying "Danger. Do not click this button". Clicking on the button brought up a sarcastic message from me explaining that they probably should take more care of what they click on, and emailed me to let me know they'd clicked it.
I can't remember the exact figure, but it was well in excess of 50% who clicked it.
Snail mail a good and bad example...
Although it's fair to say there are a lot of silly people in the world that just don't learn as fast as, say, pigeons, it's almost explainable. To liken it to snail mail scams, no, people probably won't fall for it. But they happily open the letter, sometimes reading it out of curiosity, and if the instructions say "peel back the label/scratch the panel to see if you've won" they probably will, again out of curiosity or good humour.
The difference in the IT world, is that in some cases it's enough to open the letter to read it to mean you've fallen for it. By extension, you can assume the attachment to be one of the "peel back the label" gimmicks and curiosity always gets the better. No-one expects there to be anthrax behind that label (the only snail mail analogy I can think of).
Still, keeps Norton and co in business. And don't pretend that anybody here has never secretly loved the fact that they are the only person that a loved one can call to sort the mess out. It's a chance to wear the superman outfit.
OS X and Linux are cancers, not viruses (according to Microsoft's scare-mongering anyway).
@Steven and Maliciously Crafted Packet
You may mock, but only a wise man would hand over enough money to kill off the national debt of the third world so that he can run emacs in bash :-)
@Maliciously Crafted Packet
<heh heh> Nicely written and even WITH the irony it still acted like a stick poked in a cage...
Mr I. M. A. Smugg-Git
Did you read it?
Did you actually read the article?
Of course people will open and read the email, and probably open the attachment. These people are sitting behind a MessageLabs mail filter and never *ever* see spam, phishing emails or 419s hitting their inboxes at work. Then they get an email that addresses them by name (like all their other work email), and is grammatically indistinguishable from their normal work email. In short the email cannot easily be shown to be dangerous. Unless you are uber paranoid you will probably open it.
This isn't so much a user education issue as an IT department issue - why is the user able to run unvetted executables, and why can they do it with anything other than userland privileges?
Windows can be secured and is secured in some establishments - I can't even view CCTV footage here at work that's been sent up to me without getting IT to generate a hash and temporarily enable running of files on my PC that match that hash. It's a pain, but it means I (and IT) don't have to worry in the slightest about me running "readme.txt.exe"
As for the folks saying "oh but I live in the UK so why would I get an email from <insert US government department>?" Try reading the article once more - the emails are targeted so you *won't* get one from a US government department. You'll get one from a UK based organisation. I despair sometimes, I really do....
I choose the flame thingy 'cause I R annoyed.
Quite recently the NY Times ran an article, with name, address, and company of a fellow who got speared by the phishers, even his picture I believe. The Times is less obnoxious than it used to be about availability of recent articles, so you might be able to find it.
Now this article will be copied word for word by some idiot and forwarded to everyone on his/her contacts list, with the addendum FORWARD THIS 2 EVERYONE U KNOW EVEN IF U DON'T CARE ABOUT THEM THIS IS 4 REAL.
Any teckie chicks, please feel free to flame me.....
As if we could be bothered....
and as if you have a girlfriend rofl
Are you THE Jolyon Ralph?
Yikes, with the security flaws in your scripts, you shouldn't laugh too hard.
By the way, cform is still alive.... but only just.
Mac OS X and linux can't be a cancer. Cancers spread. :)
Vista, now there is a cancer.
" impeccable grammar and spelling "
Anyone who wants to go on teh intarwebs is just going to have to learn that big words and perfect grammar are the surest sign you're being trolled....
How are people more likely to trust correctly spelled email messages when 95% of the work mail they get must contain at least half a dozen errors?
I offer the comments above as evidence whilst I run to get my coat.
I work in a library
We get mail from the fed and the C of C all the time. We have been seeing these for a while now and they are a problem. Our staff has bare minimum computer skills and most don't have a computer at home, so how do your comments about ID10T users help? I have been reporting these mails to the gov. for at least a month and we are seeing fewer of them now. By the way, as a library we cannot block a domain; our users have email with every fly-by-night ISP in the country. One of our biggest problems is not blocking legit email.
There is an award: It's called data loss. I think these individuals are very worthy of such accolades ;-).
"Of course the people that are likely to open these attachments are not likely to use Linux of any flavour"
That's the point, isn't it? The stupid use Windows. The stupid get infested with malware.
I use Windows, Linux, OS/2 Warp, and some obscure OS whose name escapes me right now (it's embedded... Oh yes, PalmOS). I don't get infested. My wife, whose PC is within my firewall's protection, and whose PC is (by my judicious use of a 500k hosts file) incapable of visiting most of the known malware distribution sites, doesn't get infested; I also run the mail server she uses, and guess what? In the rare event that something slips by the Draconian security I have installed on the mail server, she phones me and asks if I know someone named so-and-so who might send me some email about such-and-such, or should she just delete it? *She* *doesn't* *open* *it*. She's not a techie gal, but she's not an idiot, either (although, as she married me, her sanity *is* questionable).
So, sure, the Mac and Linux fanbois are going to jump on this. They're going to point out that Windows is insecure *by design*, and no amount of user education will fix that *if* the user is as stupid as the OS.
Oh yes they do
I work for a company that has recently been in receipt of two unsolicited communications that were genuinely from the US DoJ and the European Commission respectively. They both related to the same issue and one of them contained an attachment (an Excel spreadsheet). So, I am afraid that it does happen and it is easy to see why people get taken in, especially if there is nothing obviously wrong with the e-mail. These organisations don't just deal in big-league international intrigue and more often deal with lots of small mundane issues that affect random small businesses.
Having said that, we took the precaution of independently verifying the sources of the mails and their validity before doing anything....
Dunno about you folks, but one of my banks, various departments at my workplace, my ISP, and two of the three hosting providers I use _regularly_ send me email that smells like phish. I can only assume one of three possibilities:
1) The major shareholders are setting me up for the mother of all phishes.
2) Their website and customer-service were set up by the CEO's 12-yr-old nephew.
3) Their website etc. were set up by the one company to underbid the CEO's nephew.
But in any case, sufficiently advanced cluelessness is indistinguishable from malice.
For anyone who is interested in looking at some of the reasons why "user" security is such a problem, I would recommend reading Peter Gutmann's draft document at http://www.cs.auckland.ac.nz/~pgut001/pubs/usability.pdf
I don't think that claims of Darwinism in action really stand up to scrutiny when IT people, and particularly IT security people, can't understand that their systems are actually used by genuine human end users.
If I had my way, the govt of Australia would manage certificates for all departments - the top level public cert issued by PM&C or dept comms - and all outgoing mail would be *signed* and have a *certificate chain*.
All employees would have two email accounts - an official one and a personal one. Official mail is signed and archived. Personal mail gets a warning added to the effect that it is not official communication.
Lots of "stupid user" elitism going on here!
Yup. There sure is pardner. And your point would be?
it's not the users ...
it's the sysadmins. (And I'm including those who set up the computer for dear old aunt Doris here) If you are going to allow some IT illiterate an account which allows installing .exe progs on the machine, you shouldn't have the job. Come on, ladies & gents. Even win2k had the facility of protecting users from themselves. I'm writing this on a Vista box (blush) and I make sure that even I have restricted user privileges for general use - why in this day and age are people setting up accounts for the IT incompetent any other way?
There are more non-geeks than geeks
Doesn't matter how intelligent you are, but if you do not use a computer that often, you surely are in the position to fall for "spam scams(tm)".
My grandparents (and to some extent my parents) do not use the internet that much, so they don't know what's real and what's fake.
Telling fake from real is fairly hard. Take most of PayPal's spam, without looking where the links go (viewing the source is not something that most people would do) how can you tell if it's legit or not?
Some of the spam scams don't even suggest logging in (although you do have to eventually), and to top it off they have a nice info at the bottom on how to spot fake emails...
@ M Brown
The difference between those "send me £999.999 and get 1 million" scams is the fact they don't pretend to be a legit company (i.e. pretend to be your bank) who is after your credit card details/personal info.
@MCP - "So where's the Mac version?"
Shirley the Mac OSX platform would be ideal for such an attack. Mac users are supposed to be point-and-click people who expect to be safe and that everything "just works".
Sure, there are fewer of them but they should be an easier target. Like shooting phish in a barrel.
Ya know, if you were at home and people kept coming round and infecting your PC, you'd do something to stop them. Just because you're a (presumably public) library doesn't give residents the right to do anything they want. Read email bodies fine, open infected attachments? Surely not.
Our local libraries are subject to local council policies regarding IT. Corporate policies include website filtering and anti-virus and anti-spam packages. If all else fails there is corporate imaging to restore an infected machine. But nothing says "no" like a librarian when asked "can we open this attachment from the DoJ at our local library on our personal mail".