MessageLabs, in its June intelligence report, revealed Thursday it has intercepted more than 500 targeted attacks that used an e-mail with a Microsoft Word document attached that contains embedded executable code. All of the attacks targeted senior executives across a number of organizations, the e-mail security managed-service provider said. When opened, the executable code activated the Trojan.
The e-mails' subject lines typically use words that refer to some current world event or news story. Some of these malicious e-mails are made to look like legitimate e-mails distributed to find leads in the case of a missing British girl. The e-mails also contained a PowerPoint file with highly specialized code for downloading malware onto users' computers. This attack is reminiscent of the recent StormWorm attack, which referenced the stormy weather conditions present throughout most of Europe at the time.
MessageLabs said it has also intercepted e-mails where the recipients are related or otherwise linked to the actual target, for example a spouse or dependent of a CEO. "The intent is to compromise the family computer and indirectly gain access to confidential correspondence and intellectual property relating to the target," the company said.
Of the attacks MessageLabs detected, most targeted chief investment officers (nearly 30%), followed by CEOs (nearly 11%). Presidents received about 9% of the e-mails, while CIOs received more than 6.5% and CFOs received 5.5%.