Press Release
Release Date:
April 14, 2008
Cyveillance Identifies Sophisticated Spear Phishing Attack Targeting CEOs
63 Percent of Anti-Virus Companies Unable to Detect Targeted Attacks
Claiming to be from U.S. District Courts
ARLINGTON , Va. , April 14, 2008 -- Cyveillance, the world leader in cyber intelligence , today announced it has identified a new spear phishing attack launched by criminals impersonating the U.S. District Courts. The size of this attack is not yet known, but security managers should ensure that personnel, especially executives, are aware of this latest phishing threat. The U.S. District Courts are aware of the attacks and are taking the appropriate security measures.
“While Cyveillance comes across thousands of phishing attacks, today’s is unique because it highlights the extent to which cyber criminals will manipulate emails to defraud the public,” said Panos Anastassiadis, CEO and Chairman of Cyveillance. “Through the personalization of fraudulent emails, spear phishers use reputable sources to add credibility to their attacks and create an extreme sense of urgency, catching victims off guard. This recent attack highlights the need for organizations to proactively monitor and communicate malicious threats to its employees and customers.”
Spear phishing is an e-mail attack that targets a specific organization or group of individuals, seeking unauthorized access to confidential data, usually appearing to come from a trusted source. In this case, the email instructs targets to appear at the U.S. Courthouse and provides a link to download the subpoena for specific information. By clicking on the link, victims are taken to a Web page that claims the case has been closed and no further action is required from the visitor. However, clicking on the link not only launches this loading page, it also downloads a Trojan-Downloader onto the user’s computer which is undetectable by 63 percent of Anti-Virus companies, according to Virustotal. Specific information about the malware used in this attack can be found at: http://www.cyveillance.com/cyberintel/blog/default.asp
About Cyveillance
Cyveillance, the world leader in cyber intelligence, provides an intelligence-led approach to security. Through continuous, comprehensive Internet monitoring and sophisticated intelligence analysis, Cyveillance proactively identifies and eliminates threats to information, infrastructure, individuals and their interactions, enabling its customers to preserve their reputation, revenues, and customer trust. Cyveillance serves the Global 2000 and OEM Data Partners – protecting the majority of the Fortune 50, regional financial institutions nationwide, and more than 30 million global consumers through its partnerships with security and service providers that include AOL and Microsoft. For more information, visit http://www.cyveillance.com.