RealTime IT News

Spammers Are Playing Your Boss For A Sucker

Gags about protecting the boss from himself are a sitcom and Dilbert staple, but they may prove more real than you might believe. One of the latest scams is to target C-level executives with deceptive spam.

Messaging security and management services provider MessageLabs has noticed emails targeting C-level executives for at least the past 18 to 24 months. But in its latest Intelligence Report, MessageLabs said it's seen an explosion of such efforts in recent days, with more than 500 individual e-mail attacks targeted toward senior management types on one day.

The attack was so precisely addressed that the name and job title of the victim was included within the subject line of the e-mail, according to MessageLabs. The letters were targeted at CEOs, CFOs and CIOs, as well as Directors of Research, Directors of Development and company Presidents.

These emails had a Microsoft Word document attached designed to look like a generic invoice, which contained embedded executable code. When opened, the executable code would activate a Trojan component that would then compromise the victim's computer.

At that point, it might be very easy to sneak the Trojan into the company. "Most C-level executives think their network is well protected so they just forward it on to an assistant. If you get a letter from your CIO saying 'take care of this' are you going to question your CIO? So you open it and there's malicious code embedded," said Dave Hahn, director of product and market strategy at MessageLabs.

This type of spam is being done for the purpose of industrial espionage, which Hahn said is more prevalent than many may think. "The use of corporate or industrial espionage is a bit of a cliché but its very real where people harvest information for resale. These are often targeted at companies with high levels of information on their systems," he said.

Plus, it's getting easier than ever with programs like WebAttacker to built spyware , Trojans   and keyloggers . There are toolkits floating around on the underground of the Internet that are literally the virus writer's equivalent to Visual Studio, where you can build your own malware with a GUI interface.