File this under interesting social engineering techniques.
According to Red Condor, attackers are blasting out e-mails with a thread of messages claiming to be about an important update from Adobe Systems that fixes a denial-of-service vulnerability. The e-mails, of course, do not contain an update, just malware.
But the most interesting part of the campaign is the way the attackers customized the message. The thread contains what appear to be the full names and e-mail addresses of people in higher positions in the recipient’s organization, added in an attempt to make the message look legitimate. The spoofed e-mail also appears to be from a fellow employee. Inside the e-mail are links to a PDF file containing update instructions for the patch, as well as an executable that Red Condor has identified as malware.
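The traits described above can be turned into a mail-triage check. The sketch below is an added example, not code from Red Condor or from the campaign, and it flags a single-part plain-text message that combines a colleague's From address, a link to an executable, and a quoted thread citing internal staff. It assumes the receiving gateway stamps an `Authentication-Results` header with the SPF verdict; `ORG_DOMAIN`, `triage` and the sample message are hypothetical and constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the recipient organization's mail domain

# Constructed sample message; every name, address and URL is made up.
SAMPLE = """\
From: Pat Lee <pat.lee@example.com>
To: sam.roe@example.com
Subject: FW: FW: Adobe security update
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.invalid

Please install today. Instructions: http://updates.invalid/howto.pdf
Patch: http://updates.invalid/adobe_update.exe

> From: Dana Kim <dana.kim@example.com>
> To: Pat Lee <pat.lee@example.com>
> Make sure everyone on the team gets this.
>> From: Chris Vale <chris.vale@example.com>
>> Approved. Roll it out.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
EXE_EXT = (".exe", ".scr", ".pif")

def triage(raw, org_domain=ORG_DOMAIN):
    """Return the campaign traits found in one raw single-part text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    auth = msg.get("Authentication-Results", "").lower()
    quoted = "\n".join(l for l in body.splitlines() if l.startswith(">"))
    flags = []
    # Sender claims to be a colleague, but the gateway's SPF check failed.
    if sender.endswith("@" + org_domain) and "spf=fail" in auth:
        flags.append("internal-sender-failed-spf")
    # A link whose path ends in an executable extension.
    if any(u.lower().split("?")[0].endswith(EXE_EXT) for u in URL_RE.findall(body)):
        flags.append("link-to-executable")
    # The quoted "thread" cites two or more distinct internal addresses.
    internal = {m.group(0).lower() for m in ADDR_RE.finditer(quoted)
                if m.group(1).lower() == org_domain}
    if len(internal) >= 2:
        flags.append("quoted-thread-names-internal-staff")
    return flags
```

No single flag is conclusive; it is the combination of all three in one message that matches the lure described here.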
The good news is that the campaign is highly targeted and not widespread. While the company is not sure how the addresses in the e-mails were obtained, researchers said there are a number of possibilities, including that addresses were skimmed from Websites.
“This sophisticated campaign demonstrates the lengths scammers will go to get their e-mails past security so they can deploy malware on unsuspecting users’ systems,” Tom Steding, CEO of Red Condor, said in a statement. “The e-mail itself contains convincing language and appears to have already made it through chains of command at the victim’s company. Overall, it’s a convincing campaign that could be a significant threat if the message volume increases.”