Far more dangerous than a normal e-mail attack, targeted at¬tacks choose a particut'ar person as the prospective victim and tai¬lor their message to that recipient. Since their creators craft the messages carefully (with few spelling and grammatical errors, for example), these assaults l§ck tell-tale indicators and thus stand a far greater chance of snaring a victim.

A recent e-mail blast sent out to LinkedIn users followed this pattern The e-mail, which appears to have come from support@linkedin. com and addresses LinkedIn members by name, purports to provide a requested list of exported business contacts. In reality, the attachment launches a mal¬ware strike against anyone who double-clicks it.

LinkedIn is mum on the question of how attackers managed to lift the contact information for the 10,000 users who received the targeted messages, but similar attacks against Monster.com users last year relied on contact data stolen via a Trojan horse malware infection. Using attacks masquerading as messages from the Better Business Bureau and the Internal Revenue Service, scammers may have lifted names and business titles from profiles on social-networking sites and even company Web sites. And a Hungarian site recently disclosed a Twitter vulnerability that allows anyone to type in a URL and see supposedly private messages.

Name: 176912-480-335.jpg Views: 46 Size: 43.3 KB

Like nontargeted attacks, the tailored messages direct potential victims to open an attachment or to visit a Web site, which then New, neatly tailored e-mail messages-and their payloads-could be focusing on you. launches an assault. Patrik Runald, chief security advisor with F-Secure, says that some attacks in the past directed users to visit a site that tried to install a malicious ActiveX control. The control was
signed with a valid but stolen certificate to avoid the warnings about installing an unsigned ActiveX component-another example of the sophisticated planning that goes into this type of con.

Runald says that targeted attacks-particularly those launched against high-profile targets such as military or defense contractors, government agencies, and certain nonprofit organizations (including groups concerned with Darfur and Tibet)-typically use Word documents, PowerPoint files, or PDFs as attachments. E-mail attachments have enjoyed a recent resurgence as attack vectors after falling into disfavor among crooks for some time.

As always, exercising caution is essential to protecting your system from poisoned e-mail links or attachments. Make it a habit to run suspect links past free online scanners such as LinkScanner. Another way to avoid being attacked by a booby trapped attachment is to open it in a nonstandard program. For example, opening a suspect PDF with Foxit Reader instead of with Adobe Reader would likely neuter it-which is all the more reason to tryout alternative applications.