Personalized e-mails with fake subpoenas link to Trojans, according to reports.
There’s always a new wrinkle, but one that’s just begun to surface is particularly insidious. E-mails personally addressed to a company’s chief executive, containing fake subpoenas,and asking the person to click on a link to access court documents. The problem is that the link installs a Trojan on the businessman’s computer. According to Norwegian securitycompany Norman, which has reported the scam, the e-mails are very convincing. They claim to lead to US courts, but in fact come from a server in Jinan, China. Therecipient is asked to install a plug-in to access the documents, but in fact installs the Trojan, taking the form of a digitally signed CAB archive. That extracts a file called ‘acrobat.exe,’which installs ‘acrobat.dll.’ This gives the Trojan access to all data that passes through the web browser and Windows Explorer. Norman’s chief executive, Trygve Aasland, said, “It is likely that a large number of people are tricked and infected, given that these emails look very real.”
