January 11, 2007
Beware of Spear Phishing
As if every day doesn’t bring a brand new threat, I’ve come across this report on CIO Today warning against spear phishing, or targeted spam, called that because the sender is able to make it look like the e-mail is coming directly from within the organization. As you can probably guess, that makes it more difficult for spam filters to spot.
Recently, some employees at Dekalb Medical Center in Decatur, GA, received e-mails that said they were being laid off. The e-mail's subject line read, “Urgent – employment issue” with the sender listed as dekalb.org, the same domain the medical center uses for internal e-correspondence.
The e-mail contained a link for more info, and several employees, obviously concerned, clicked on the link, in turn downloading a keylogger program that could record their every keystroke.
Apparently, this type of spam, where spammers can spoof the sending e-mail address to make it look like it’s inter-office e-mail, is on the rise. Also, the fact that spammers are only sending a few of these messages out at a time makes it doubly difficult for spam filters to pick up and block en masse.
“We blocked a ton of spam at our e-mail gateway because the [sender] addresses are not valid, but these were,” says Sharon Finney, information security administrator at Dekalb Medical Center, which has 3,500 employees.
The IT department only heard about the ruse because a frantic employee called HR, who in turn called the CIO. Immediately, IT set the web filter to block all employees from visiting the site (even if they clicked on the link) that contained the malware.
So now, instead of malware coming packed in somewhat pleasant holiday greetings, it is coming disguised as “You’re fired” messages, and with the e-mail address looking like it’s from inside the company, I can imagine more than a few people getting ‘speared.’
Many experts predict that targeted spam is the wave of the future, and will be sent out in more discreet, and less easy to detect, trickles, instead of fire-hose blasts. While there are ways of detecting these types of attacks, as the HTML is written in a way that some filters can detect as suspicious, in Dekalb’s case, several machines were inevitably infected, and IT spent hours cleaning up the mess.
This really just represents the coming challenge for e-mail security companies, as spam becomes much more about criminal attempts to gather people's critical information and much less about selling something useless to someone.
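A gateway can also look at the sender itself rather than the HTML: mail that claims an internal From address but arrives from outside the organization is suspect even when the address is a valid one. The sketch below is an added example, not code from the report or from Dekalb; the domain `example.org`, the `10.0.0.0/8` range, the function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses

# Assumed values for this example: the organization's mail domain and the
# address range its own mail servers send from.
INTERNAL_DOMAINS = {"example.org"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].strip().lower() if "@" in addr else ""

def is_internal_domain(domain):
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def check_message(raw, client_ip, envelope_from):
    """Return reasons a message looks like a spoofed internal sender.

    client_ip and envelope_from are taken from the SMTP session at the
    gateway (connecting address and MAIL FROM), not from message headers.
    """
    msg = message_from_string(raw)
    senders = getaddresses(msg.get_all("From", []))
    if not any(is_internal_domain(domain_of(a)) for _, a in senders):
        return []  # does not claim to be internal mail
    reasons = []
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in INTERNAL_NETS):
        reasons.append("internal From domain on mail received from outside")
    if not is_internal_domain(domain_of(envelope_from)):
        reasons.append("envelope sender is not an internal address")
    return reasons

# Constructed sample message; the subject is the one quoted in the post.
SAMPLE = (
    'From: "Human Resources" <hr@EXAMPLE.org>\n'
    "To: staff@example.org\n"
    "Subject: Urgent - employment issue\n"
    "\n"
    "Details about your position are available at the link below.\n"
)

if __name__ == "__main__":
    print(check_message(SAMPLE, "203.0.113.25", "hr@example.org"))
    print(check_message(SAMPLE, "203.0.113.25", "bounce@mailer.example"))
    print(check_message(SAMPLE, "10.1.2.3", "hr@example.org"))
```

Because the check does not depend on volume, it still fires when only a few messages are sent; any outside service that legitimately sends mail as the organization would need its source range added to `INTERNAL_NETS`.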
Tags: Spear Phishing, Internal Email, Intercompany Email
Posted by pschooff in


Twenty-Four Seven Security