On Monday SANS Internet Storm Center wrote about a targeted attack against CEOs. The e-mail messages were directly sent to senior corporate executives and properly identified them by name. The message claimed their testimony was required in a corporate lawsuit. If they clicked through on the link to read the supposed subpoena they were then asked to install a file.
And if they ran the file? Then they were really installing a trojan-spy designed to steal certificates. Here's the description of what we detect as Trojan-Spy:W32/Small.BSL.
We've been watching the evolution of targeted attacks for about two years now. Hopefully this recent press coverage helps to shed some light on a very serious issue.
One of our recent posts linked to the Businessweek article "The New E-spionage Threat". If you haven't read it yet, take the time to do so this weekend.