Friday 8 December 2006

Ciao! Interesting Social Engineering Attack

Here's an interesting way of getting your victim to download a Trojan horse. Some users in Italy have been receiving messages "from" a lawyers' office that appear to be replies to a message that the victim never sent.

The messages warn the victim that the lawyer has received pornographic spam from them, threatening the victim with legal action if it happens again. They go on to say that the victim probably has some sort of virus on their PC and suggest that they download a virus cleanser, to which there's a helpful link in the message.

Of course, the link downloads a Trojan.

Not only that, but the names used for the lawyers seem to be those of real organizations. I've heard reports that at least one legal firm has four phones permanently tied up with victims calling about these "threatening-yet-helpful" messages apparently sent by the lawyers.

Hat tip: Symantec's Security Response team.
Also noted by Paolo Attivissimo and Luca Curatola of Neodigital2k.

1 comment:

Anonymous said...

Very interesting. At the company I work with (anti-spam company) we are currently looking into something similar to this. Thanks for the information.
