Targeted Attack Exposes Risk of Checking Personal Email at Work
TrendLabs engineers are currently monitoring an in-the-wild attack that highlights the underrated and often-ignored risk of allowing employees to check their personal email accounts at work.
Yesterday, one of our colleagues in Taiwan received an email message that spurred what looks like a targeted attack. Unlike other email-based attacks that require users to open the message and to click an embedded link or to download and execute an attachment, this attack’s execution merely requires users to preview the message in their browsers.
The following is a screenshot of the email inbox’s page:
The message in the email above roughly translates to the following:
Subject: Have you ever logged in Facebook from unknown location?
Content:
Dear Facebook User,
Your Facebook account is accessed from a computer or device or from a location that you have never used before. For protecting your account security, before you have confirm your account is not hacked, we temporarily locked down your account.
Have you ever logged in Facebook from other place?
If this is not your name, please use your personal computer to login Facebook and follow the instructions to manage your account information.
If this is not your account, please do not worry. Relogin can lead your back to your own account.
For more information, visit our Help Center here: … {link}
Thanks,
Facebook Security Team
Previewing the email message prompts the download of a script from a remote URL. The script is then injected into the page to initiate information theft. The data stolen includes email messages and contact information. More importantly, however, the script also enables email forwarding on affected users’ accounts, which sends all of their messages to a specific address.
The email message seems to have been specially crafted per recipient, as it uses each user’s Hotmail ID in the malicious script that it embeds. Subsequent downloads also use specific Hotmail IDs and a specific number identified by the attacker. Changing the number may change the payload.
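One way a proxy or SOC team could hunt for the behaviour described above, as an added example that is not TrendLabs' code: it flags script fetches referred by the webmail page, served from a host outside the webmail service, whose URL carries a mailbox ID. The log layout, the `webmail.example` hosts and the mailbox-ID pattern are assumptions, the proxy is assumed to record full URLs and the Referer, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: every host the webmail service itself serves content from.
WEBMAIL_SUFFIXES = (".webmail.example",)
# Assumption: mailbox IDs look like addresses at the webmail domain.
MAILBOX_ID = re.compile(r"[\w.+-]+@webmail\.example", re.I)

def is_webmail(host):
    host = (host or "").lower()
    return any(host == s[1:] or host.endswith(s) for s in WEBMAIL_SUFFIXES)

def looks_like_script(url, content_type):
    path = urlsplit(url).path.lower()
    return "javascript" in content_type.lower() or path.endswith(".js")

def suspicious_fetches(log_text):
    """Return (client, remote_host, mailbox_id) for each flagged request.

    Expected line layout (constructed): client referer url content_type
    """
    hits = []
    for line in log_text.strip().splitlines():
        client, referer, url, ctype = line.split()
        dest = urlsplit(url).hostname
        # Only requests triggered from the webmail page to a foreign host.
        if not is_webmail(urlsplit(referer).hostname) or is_webmail(dest):
            continue
        if not looks_like_script(url, ctype):
            continue
        # A per-recipient script URL carries the victim's mailbox ID.
        ids = MAILBOX_ID.findall(unquote(url))
        if ids:
            hits.append((client, dest, ids[0].lower()))
    return hits

# Constructed sample proxy log, not taken from the attack.
SAMPLE_LOG = """
10.0.0.5 https://mail.webmail.example/inbox https://static.webmail.example/ui.js application/javascript
10.0.0.5 https://mail.webmail.example/inbox https://cdn.thirdparty.example/ads.js application/javascript
10.0.0.7 https://mail.webmail.example/inbox https://unknown-host.example/l.js?id=bob%40webmail.example&n=12 text/javascript
10.0.0.9 https://news.example/ https://unknown-host.example/l.js?id=eve%40webmail.example application/javascript
"""

if __name__ == "__main__":
    for hit in suspicious_fetches(SAMPLE_LOG):
        print("review:", hit)
```

A hit is a lead for review rather than a verdict; the affected user's mailbox forwarding settings are the next thing to check.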
When employees who check their personal email accounts at work are victimized, the attacker gains access to sensitive information that may be related to their company, including contacts and confidential messages. Companies should seriously consider the risks that this and similar attacks pose, especially since merely previewing email messages already triggers the malicious script’s execution.
TrendLabs engineers are currently working on a more detailed analysis of this attack. Users are advised to exercise caution when opening their personal email inboxes, especially at work, since attacks like this may inadvertently compromise sensitive corporate data.
Trend Micro already detects the malicious script as JS_AGENT.SMJ and blocks access to the malicious URL used in this attack. We strongly advise Trend Micro product users to immediately enable the Web reputation feature of their software to avoid being victimized by this and similar attacks. Non-Trend Micro customers can also protect themselves by using a combination of our free tools like Web Protection Add-On and Browser Guard.
Post from: TrendLabs | Malware Blog – by Trend Micro