Yes Virginia, they really are out to get you . . . (Spear phishing for fun and profit)

Not content to let the Chinese dominate the attachment-based espionage game . . . it looks like the Russians are finally getting in on the act: http://www.first.org/newsroom/globalsecurity/157668.html
I think it's pretty awesome that MessageLabs has the capability to detect and block these types of attacks.
This looks like the full link to where you can download the report: http://www.messagelabs.com/intelligence.aspx; the direct link to the PDF is here: http://www.messagelabs.com/mlireport/MLI_Report_September_Q3_2007.pdf

It appears that the Word documents are actually just RTF files that contain an embedded .SCR file (which is an executable file type). When opened, the Word document just shows the embedded RTF file with a filename designed to socially engineer the user into launching it. It doesn't appear that any exploits are being used here - just good old-fashioned social engineering.
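A mail-gateway or triage check for the pattern described above, as an added example that is not from the original post or from MessageLabs: it confirms the attachment is really RTF regardless of its extension, hex-decodes each `\objdata` payload, and reports embedded file names ending in an executable extension. The extension list, function names and the simplified sample payload are assumptions constructed for illustration, and the string scan is a heuristic rather than a full OLE parser.

```python
import binascii
import re
import struct

# Extensions Windows runs directly (illustrative list, not exhaustive).
RISKY_EXT = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk")
OBJDATA = re.compile(rb"\\objdata\b([^{}\\]*)")   # hex payload of an embedded object
STRINGS = re.compile(rb"[\x20-\x7e]{5,}")          # printable runs inside the payload


def is_rtf(data):
    """True when the content is RTF, whatever extension the attachment carries."""
    return data.lstrip()[:5] == b"{\\rtf"


def embedded_executables(data):
    """Return sorted base names of embedded objects ending in a risky extension."""
    hits = set()
    for match in OBJDATA.finditer(data):
        digits = re.sub(rb"[^0-9A-Fa-f]", b"", match.group(1))  # drop line breaks
        blob = binascii.unhexlify(digits[: len(digits) // 2 * 2])
        for run in STRINGS.findall(blob):
            name = run.decode("ascii").replace("/", "\\").rsplit("\\", 1)[-1]
            if name.lower().endswith(RISKY_EXT):
                hits.add(name)
    return sorted(hits)


def sample_rtf(label):
    """Constructed sample: RTF with a simplified Package-style object payload."""
    native = (b"\x02\x00" + label + b"\x00" + b"C:\\Temp\\" + label + b"\x00"
              + b"\x00\x00\x03\x00" + b"placeholder-bytes")
    ole = (struct.pack("<III", 0x501, 2, 8) + b"Package\x00"
           + struct.pack("<III", 0, 0, len(native)) + native)
    hexed = ole.hex().encode()
    wrapped = b"\r\n".join(hexed[i:i + 64] for i in range(0, len(hexed), 64))
    return (b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Package}"
            b"{\\*\\objdata " + wrapped + b"}}}")


if __name__ == "__main__":
    for label in (b"Quarterly_Report.scr", b"meeting_notes.txt"):
        doc = sample_rtf(label)
        print(label.decode(), is_rtf(doc), embedded_executables(doc))
```

Because the check keys on content rather than the attachment's extension, it still fires when the RTF is delivered with a .doc name.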

Published 07 October 07 10:09 by Robert_Hensing

Comments

# vinoo said on October 16, 2007 2:36 AM:

McAfee has blogged about malware embedded in rich text files in the past:  

http://www.avertlabs.com/research/blog/index.php/2007/05/25/rich-text-malware/
