Press release
Oslo, Norway, Friday, 18 April 2008

The data security firm Norman ASA has issued a warning about several targeted email attacks. Fake subpoenas are being sent on a large scale to CEOs worldwide in an attempt to make them install a fake plug-in that is actually a trojan and might take over the victim’s computer.

It is reported that an increasing number of CEOs have received these emails and have been tricked into installing the trojan. Such an attack, targeted at a particular set of people, is called a spear phishing attack. Among those who have received an email like this is Norman’s CEO, Trygve Aasland, but he luckily works in a computer security firm and was not infected by the trojan.

The sequence of events is as follows:

  1. The CEOs receive an email that looks like a subpoena addressed to them from the US District Courts in the USA, stating that they have been sued and need to view the court documents by clicking on a web link.
  2. The email looks very realistic, and in contrast to some other phishing attempts the grammar in these emails is good. It also contains the correct name of the company and the correct CEO, and might even contain the correct phone number. This misleads the recipients into following the instructions in the emails. When they click the link, which appears to point to the American courts but in fact leads to Jinan, China, the users are asked to install a plug-in to access the documents.
  3. By doing this the victims are in fact installing a trojan that gives criminals access to data located on the computer. Such data could be company secrets and private secrets like passwords, strategy documents, payment information and so forth. The trojan is installed in the form of a digitally signed CAB archive which extracts a file called acrobat.exe. This file in turn installs acrobat.dll, which gives the trojan access to all data that passes through the web browser and Windows Explorer.
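Step 3 describes a CAB archive that drops acrobat.exe. The following added example (not from Norman or the original release) reads the member names of a cabinet file from its header without extracting anything, so a download offered as a "plug-in" can be checked for executables before anyone installs it. The function names and the sample bytes are constructed for illustration.

```python
import struct

# CFHEADER fixed part (36 bytes, little-endian): signature, reserved1,
# cbCabinet, reserved2, coffFiles, reserved3, versionMinor, versionMajor,
# cFolders, cFiles, flags, setID, iCabinet.
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")
# CFFILE fixed part: cbFile, uoffFolderStart, iFolder, date, time, attribs,
# followed by a NUL-terminated file name.
CFFILE = struct.Struct("<IIHHHH")
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".ocx")


def list_cab_members(data):
    """Return the file names stored in a cabinet, without extracting them."""
    if len(data) < CFHEADER.size:
        raise ValueError("too short to be a cabinet")
    fields = CFHEADER.unpack_from(data)
    if fields[0] != b"MSCF":
        raise ValueError("not a cabinet (missing MSCF signature)")
    pos, file_count = fields[4], fields[9]  # coffFiles, cFiles
    names = []
    for _ in range(file_count):
        if pos + CFFILE.size > len(data):
            raise ValueError("truncated CFFILE entry")
        pos += CFFILE.size
        end = data.find(b"\0", pos)
        if end == -1:
            raise ValueError("unterminated file name")
        names.append(data[pos:end].decode("utf-8", errors="replace"))
        pos = end + 1
    return names


def executable_members(data):
    """Names in the cabinet that end in an executable extension."""
    return [n for n in list_cab_members(data)
            if n.lower().endswith(EXECUTABLE_EXT)]


# Constructed sample: a header and two CFFILE entries only (no folder or data
# blocks), enough to exercise the parser. It is not an extractable cabinet.
_entries = b"".join(CFFILE.pack(0, 0, 0, 0, 0, 0x20) + name + b"\0"
                    for name in (b"acrobat.exe", b"readme.txt"))
SAMPLE_CAB = CFHEADER.pack(b"MSCF", 0, CFHEADER.size + len(_entries), 0,
                           CFHEADER.size, 0, 3, 1, 0, 2, 0, 0, 0) + _entries

if __name__ == "__main__":
    print(executable_members(SAMPLE_CAB))
```

A valid digital signature on the archive says nothing about what its members do, so the member list is worth checking even when the signature verifies.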

Norman’s antivirus products detected this trojan through the unique Norman Sandbox technology.

“It is likely that a large number of people are tricked and infected, given that these emails look very real,” says Trygve Aasland, CEO of Norman.

If you receive an email as described above, or other suspicious emails, and are unsure whether you have been infected, you can find regional contact details at www.norman.com.

Information

  • Audun Lødemel marketing director +47 93446531