MessageLabs Inc, A company designed to protect electronic communications for its business clients, recently discovered a new method for online computer thieves to steal confidential data. This time the hackers are aimed directly at CEOs.
Over a 16-hour period in September, the company discovered 1,100 emails from a supposed employment agency containing files allegedly offering information on potential job candidates. The emails included personal details of the targeted executives, such as full names and position titles, in order to seem more reputable.
What MessageLabs discovered is that the files, most of which were in Microsoft Word format, included Trojan horses designed to steal corporate secrets.
Trojan horses, or Trojans, have been around for quite some time in the computing world. They become installed when a user unwittingly opens a program containing malicious code. The program then infects the computer, allowing hackers remote access. More recently, hackers have been able to develop Trojans that install themselves after a user opens an image or PDF file containing the rogue program.
In the past, similar attempts at data mining included “phishing” schemes, where scammers who posed as reputable sources sent out emails asking for personal information such as bank accounts or social security numbers.
The danger with the new methods, as experts point out, is hackers are becoming increasingly adept at making infected email attachments appear legitimate and increasing the chances that those files get opened by the recipient.
Commentary: Trojans can come from more than just emails, it’s also possible to acquire them through downloads, websites, peer to peer programs and, on rare occasions, physically being installed on a computer. Although they have been around for awhile (at least since the early 80′s), many people are still oblivious towards the harm they can cause.
The quick fix: keep business computing use for business purposes. Don’t put yourself at risk by viewing less than reputable websites or downloading unnecessary programs. And, most importantly, if you get an email attachment from a sender you don’t recognize: don’t open it!
