MessageLabs Reports Rise in Targeted E-Mail Attacks

By Brian Prince  |  Posted 06-29-2007

Cyber-thieves have set their sights on C-level executives with sophisticated social-engineering techniques designed to steal data, according to security researchers at MessageLabs.

In its monthly report, MessageLabs recorded a sudden spike in the number of targeted attacks June 26, intercepting some 500 attacks that used e-mails with Microsoft Word document attachments containing malicious code.

The surge, while unusual in its magnitude, follows an increase in the number of targeted attacks MessageLabs researchers have seen during the past few years, said Mark Sunner, chief security analyst for MessageLabs, in Gloucester, England.

"What we are dealing with here is data theft of the highest order," he said, adding that the document attachments in the e-mails contained Trojans that allow for remote code execution.

In the case of the blast of 500 e-mails June 26, the attacks were so precise that the name and job title of the recipient were included in the subject line. Roughly 30 percent of the e-mails targeted CIOs, while CEOs and presidents were targeted about 11 percent and 9 percent of the time, respectively.


In the report, MessageLabs officials stated researchers also uncovered e-mails where the recipients were relatives of the actual target. For example, an e-mail would be sent to the spouse of the CEO.

"The intent is to compromise the family computer and indirectly gain access to confidential correspondence and intellectual property relating to the target," according to the report.

Phishing attacks have become much more targeted as well, with e-mails that feature the recipient's correct name and e-mail address in the "To" and "Subject" lines, according to the report.

The report also noted that image spam now accounts for 20 percent of all spam targeting businesses, and that it has evolved from static, in-line attachments to dynamic hosted images often linked to stock spam messages.

"The earliest examples appeared during June in the form of Adobe PDF attachments, constructed to appear as a professionally designed, legitimate stock trading newsletter," the report reads. "These PDF attachments often contain images that also appear in more traditional image spam highlighting the recycling techniques of spammers by using old tools and images in new ways."

On June 26, security vendor Marshal declared a drop-off in the amount of pump-and-dump spam recently associated with such PDF attachments, though its figures were disputed by researchers at Sophos.
