Larger Prey Are Targets of Phishing
By JOHN MARKOFF The New York Times April 16, 2008
SAN FRANCISCO - An e-mail scam aimed squarely at the nation's top executives is raising new alarms about the ease with which people and companies can be deceived by online criminals.
Thousands of high-ranking executives across the country have been receiving e-mail messages this week that appear to be official subpoenas from the United States District Court in San Diego. Each message includes the executive's name, company and phone number, and commands the recipient to appear before a grand jury in a civil case.
A link embedded in the message purports to offer a copy of the entire subpoena. But a recipient who tries to view the document unwittingly downloads and installs software that secretly records keystrokes and sends the data to a remote computer over the Internet. This lets the criminals capture passwords and other personal or corporate information.
Another piece of the software allows the computer to be controlled remotely. According to researchers who have analyzed the downloaded file, less than 40 percent of commercial antivirus programs were able to recognize and intercept the attack.
The tactic of aiming at the rich and powerful with an online scam is referred to by computer security experts as whaling. The term is a play on phishing, an approach that usually involves tricking e-mail users - in this case the big fish - into divulging personal information like credit card numbers. Phishing attacks that are directed at a particular person, rather than blasted out to millions, are also known as spear phishing.
The latest campaign has been widespread enough that two California federal courts and the administrative office of the United States Courts posted warnings about the fake messages on their Web sites. Federal officials said they stopped counting after getting hundreds of phone calls from corporations about the messages. At midday on Tuesday, one antispam company, MX Logic, said in a Web posting that its service was still seeing at least 30 of the messages an hour.
Security researchers at several firms indicated they believed there had been at least several thousand victims of the attack whose computers had been compromised.