Welcome to the SecAware blog

I spy with my beady eye ...

19 Jul 2007

Lurid job ads

"Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said."

The Reuters correspondent explains that victims were lured to a site with [fake] job advertisements and (presumably) phishing emails, only to have their systems infected with malware. The malware apparently evaded detection by the standard antivirus tools. Nasty.

I've long said that narrowly-targeted/custom malware is a particular threat if it slips under the antivirus silver bullet. Imagine the power of being able to select your target organization and inject your data extraction device and suck out your fill of an organization's lifeblood, with little chance of detection or prosecution. Imagine now that you are a Foreign Power or Criminal Mastermind with the money to buy such malware or the resources to recruit and train your own black squadron of evil hackers ...

Sleep well. Don't have nightmares. Leave that to us professional paranoiacs.

No comments:

Post a Comment