Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Phishers Steal DOJ's IdentityPhishers Steal DOJ's Identity
New spam-based exploits also operate under guise of Better Business Bureau
Dark Reading Staff
November 20, 2007
1 Min Read
You'd think that if you were going to commit a crime, impersonating a major law enforcement agency would be the last attack on your list. But some brassy phishers have got another idea.
According to a warning issued earlier today by Websense Security Labs, there is a new spam attack on the Web that claims to be a message from the U.S. Department of Justice.
The message claims that a complaint against the recipient's company has been filed to the DOJ. The email informs the reader that a copy of the original complaint has been attached to the email. The attached "complaint" is a Trojan Downloader .scr file.
None of the currently available antivirus programs can detect the Trojan, Websense says.
Interestingly, the .scr "screen saver" format is also being used in a different attack being reported today, this one under the guise of the Better Business Bureau.
According to researchers at MessageLabs, the messages purport to be from the BBB and mention employees' specific names and organizations in the subject lines to cover their true intent, which is to deliver malware.
The two attacks are a shift back to malicious attachments, following a trend toward embedded links to phishing sites, MessageLabs observes.
— Tim Wilson, Site Editor, Dark Reading
Websense Inc. (Nasdaq: WBSN)
About the Author(s)
You May Also Like
More Insights
Webinars
How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023What's In Your Cloud?
Nov 30, 2023Everything You Need to Know About DNS Attacks
Nov 30, 2023
