Spam that delivers a pink slip

Cara Garretson   Today’s Top Stories   or  Other Security Stories  

Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare Web Threats Don't Discriminate The Secure Web Gateway. Mission Critical For Business The Total Economic Impact of the Altiris Total Management Suite Software Securing and Managing the Endpoints: The Case for Convergence An Overview of PAN Manager by Egenera SaaS Solutions for Remote Systems Management Compterworld Technology Briefing: Intelligent Users Use Business Intelligence Computerworld Report- Large Enterprises Pay More for IPAM Sign up to receive Security Resource Alerts

November 1, 2006 (Network World) -- Last week, a handful of employees at Dekalb Medical Center in Decatur, Ga., received e-mails saying they were being laid off. The subject line read "Urgent - employment issue," and the sender listed on the message was at dekalb.org, which is the domain the medical center uses. The e-mail contained a link to a Web site that claimed to offer career-counseling information.

And so a few employees, concerned about their employment status and no doubt miffed about being laid off via e-mail, clicked on the link to learn more and unwittingly downloaded a keylogger program that was lurking at the site.

Score another one for spammers.

Called targeted spam or spear phishing , this type of spam that's currently on the rise is particularly vexing because the spammer is able to "spoof" the sending e-mail address to make it look like it's coming from within the organization of the recipient, making it difficult for spam filters to catch. And, unlike traditional spam that is sent in the thousands, spammers are sending just handfuls of these messages at a time, again making it difficult for antispam technology to detect.

"We blocked a ton of spam at our e-mail gateway because the [sender] addresses are not valid, but these were," says Sharon Finney, information security administrator at Dekalb Medical Center that has 3,500 employees.

The IT department at the medical center found out about the scam when an employee in the HR department, who had received a frantic call from one of the scam's recipients, called the company's CIO. The first thing the IT department did was to set its Web filtering software to block all users from visiting the site linked to in the spam, says Finney.

Then Finney got on the phone with Proofpoint, the company's messaging security vendor, which used its automatic update service to add a rule to its customers' antispam filters that blocked e-mails containing the same link in attempts to protect others from the scam. Although these e-mails are highly targeted to their recipients and are sent in trickles instead of blasts, they're becoming more and common.

"I don't think we were the only ones targeted by this, I've talked to other local hospitals and they've gotten it, too," says Finney. "It's going to get ugly. Spammers are going to get stealthier and more targeted -- these recent e-mails had terminology specific to healthcare, so they knew we are a hospital."

Officials with Proofpoint, Dekalb Medical Center's messaging security vendor, agree that targeted spam is on the rise.

"We're seeing this more and more, typically either in large organizations or with very well-known brands," says Rami Habal, director of product marketing with Proofpoint. Once the company has been alerted to the scam, blocking it is easy. But detecting such well-crafted messages is becoming harder as the sophistication level of spam increases; gone are the days of simply filtering for the word "Viagra".

Continued...
1 | 2 | NEXT  

Reprinted with permission from

For more information about enterprise networking, go to NetworkWorld.com
Story copyright 2008 Network World, Inc. All rights reserved.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"The recent attacks in Mumbai were carried out by assailants using high tech methods. It’s just another way in which..." Read more... Read more Security posts or See all Blogs

Windows users indifferent to Microsoft patch alarm, says researcher Tech jobs down sharply but not out Apple yanks antivirus advice from its Web site More top stories...

Microsoft slates 8 bug updates for year's final Patch Tuesday De Beers tries to force spoof news Web site offline over fake ad Microsoft confirms Yahoo's Lu to run online services

Review: The new MacBook Air, now with extra SSD goodness Thin as ever, the latest Air offers up to twice the storage and snappy performance. Cool Stuff: Your 2008 Holiday Gift Guide We've got an array of economical, expensive, and just plain weird tech gifts for your friends and family. Massive botnet returns from the dead, starts spamming The spam-spewing 'Srizbi' botnet that was shut down two weeks ago has been resurrected and is again under criminal control, say security researchers. Elgan: Why you can't trust 'friends' on Facebook Facebook is popular and growing -- especially with criminals. Here's why they love it. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Moving to Windows Vista: The Promise, The Reality Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Record Capacity for Microsoft� Exchange 2007 With VMware and IBM System x3850 M2 Download this white paper today! (Source: VMware) The more that e-mail becomes an entrenched IT infrastructure application, the more that messaging administrators face numerous--sometimes conflicting--demands in the categories of availability, flexibility and cost. Employing a virtual solution can help avoid expensive over-provisioning of server computing resources, while improving management and disaster recovery. And ultimately, it can more than double the number of supportable Exchange 2007 users, as compared to a non-virtualized environment. This whitepaper explains how to break down the scalability barrier and respond faster to your mail system needs. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. 8 Things You Need to Handle Today's Network Traffic Next-Gen Load Balancing: 3 Keys to Successful Delivery of Advanced Web Apps Building a Reliable and Dynamic Data Center with PAN Manager by Egenera View more whitepapers

• Windows users indifferent to Microsoft patch alarm, says researcher
• Microsoft slates 8 bug updates for year's final Patch Tuesday
• Tech jobs down sharply but not out
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

Dan Tynan Today's Internet has been brought to you by porn YouTube and Ning are trying to shed adult-oriented content to appeal to mainstream advertisers. Will it work? ... [more]