The SysAdmin Network

No more hiding in the server room

Charlie Rudinger

From /. Technology: New "Spear Phishing" Attacks Target IT Admins

snydeq writes "A new breed of 'spear phishing' aimed at IT admins is making the rounds. The emails, containing no obvious malicious
links, are fooling even the savviest of users into opening up holes in
their company's network defenses. The authentic-looking emails, which
often include the admin's complete name or refer to a real project they
are working on, are the product of tactical research or database hacks
and appear as if having been sent by the company's hosting provider.
'In each case, the victim remembered getting a similar sort of email
message when they first signed on with a service and, thus, thought the
bogus message was legitimate — especially because their cloud/hosting
providers keep bragging about all the new data centers they're
continuing to bring online.' The phishing messages often include
instructions for opening up mail servers to enable spam relaying, to
disable their host-based firewalls, and to open up unprotected network
shares. Certainly fodder for some bone-headed mistakes on the part of admins,
the new attack 'makes the old days of hoax messages that caused users
to delete legitimate operating system files seem relatively harmless.'"

http://tech.slashdot.org/story/10/03/02/199205/New-Spear-Phishing-A...

Replies to This Discussion

So... I shouldn't have sent my hosting company my ASA's login credentials or the domain admin password?

People actually read the emails their providers send? Amazing!

Seriously though, with sufficient resources and patience, it wouldn't be that hard to compromise even the most stringent networks. The more directed an attack is, the greater chance it has of succeeding.

True, but even the most boneheaded of sys admins needs a heads-up every once in a while. Not all SAs are created equal.

Yep. It's a good reminder of why we need to be paranoid!

Who's paranoid? I'm not paranoid, are you paranoid? Who's that reading this msg with you?

I got this on my email account. Today I received an email that was a perfect copy of an original Amazon.com email, with one small link to a server that does not exist (I tested in a VM to see where I would go :) ). We have a Postini filter, a MailSweeper and also antivirus on servers and workstations: no detection, nothing. I think it will be a big pain if more users get emails like this and the servers behind the small instruction link are not dead like in my email.

True, we've got users here that will click on anything put in front of them. Then they cry about some virus that took all of their information and sent money to Nigeria, so they could become royalty.

Does this mean I need to change my password from "God"?!?

Not until I'm done siphoning off all your MP3s. Shouldn't be too much longer since I'm not taking any of your disturbingly large collection of Britney Spears remixes. =P

Guess mine isn't secure either... I got mine from Spaceballs... 1...2...3...4...5...

That's the lock code on my luggage! :-)

Hey! Don't be touching my Britney!

:-P

© 2010 Created by Elizabeth Ayer and Michael Francis.