The SysAdmin Network

No more hiding in the server room

From /. Technology: New "Spear Phishing" Attacks Target IT Admins

snydeq writes "A new breed of 'spear phishing' aimed at IT admins is making the rounds. The emails, containing no obvious malicious
links, are fooling even the savviest of users into opening up holes in
their company's network defenses. The authentic-looking emails, which
often include the admin's complete name or refer to a real project they
are working on, are the product of tactical research or database hacks
and appear as if having been sent by the company's hosting provider.
'In each case, the victim remembered getting a similar sort of email
message when they first signed on with a service and, thus, thought the
bogus message was legitimate — especially because their cloud/hosting
providers keep bragging about all the new data centers they're
continuing to bring online.' The phishing messages often include
instructions for opening up mail servers to enable spam relaying, to
disable their host-based firewalls, and to open up unprotected network
shares. Certainly fodder for some bone-headed mistakes on the part of admins,
the new attack 'makes the old days of hoax messages that caused users
to delete legitimate operating system files seem relatively harmless.'"

http://tech.slashdot.org/story/10/03/02/199205/New-Spear-Phishing-A...

Views: 8

Reply to This

Replies to This Discussion

Permalink Reply by Wesley "Nonapeptide" on March 3, 2010 at 3:25am
So... I shouldn't have sent my hosting company my ASA's login credentials or the domain admin password?
Permalink Reply by Matt Simmons on March 3, 2010 at 2:54pm
People actually read the emails their providers send? Amazing!

Seriously though, with sufficient resources and patience, it wouldn't be that hard to compromise even the most stringent networks. The more directed an attack is, the greater chance it has of succeeding.
Permalink Reply by Charlie Rudinger on March 3, 2010 at 3:15pm
true but even the most boneheaded of sys admins needs a heads up every once in a while. Not all SA's are created equal.
Permalink Reply by Matt Simmons on March 4, 2010 at 3:50pm
Yep. It's a good reminder of why we need to be paranoid!
Permalink Reply by Charlie Rudinger on March 4, 2010 at 4:13pm
who's paranoid I'm not paranoid, are you paranoid? Who's that reading this msg with you?
Permalink Reply by Constantin Visan on March 4, 2010 at 8:46am
I this on my email account. I recive today a email perfect copy from original Amazon.com email and with one small link to one server what not exist (I tested in a VM to see wher I hgo:) ). We have a Postini filter a MailSweeper and also antivirus on servers and workstation no detection nothing. I think will be a big paint if more users become emaile like this and the server behind the small instruction link are not dead like in my email.
Permalink Reply by Charlie Rudinger on March 4, 2010 at 4:14pm
True, we've got users here that will click on anything put in front of them. Then they cry about some virus that took all of their information and sent money to Nigeria, so they could be come royalty.
Permalink Reply by John McGrath on March 9, 2010 at 11:32am
Does this mean I need to change my password from "God"?!?
Permalink Reply by Wesley "Nonapeptide" on March 9, 2010 at 12:56pm
Not until I'm done siphoning off all your MP3s. Shouldn't be too much longer since I'm not taking any of your disturbingly large collection of Brittney Spears remixes. =P
Permalink Reply by Charlie Rudinger on March 9, 2010 at 3:05pm
guess mine isnt secure either... I got mine from spaceballs... 1...2...3...4...5...
Permalink Reply by John McGrath on March 11, 2010 at 6:32pm
That's the lock code on my luggage! :-)
Permalink Reply by John McGrath on March 11, 2010 at 6:32pm
Hey! Don't be touching my Britney!

:-P

RSS

© 2012   Created by Elizabeth Ayer and Michael Francis.   Powered by

Badges  |  Report an Issue  |  Terms of Service

Sign in to chat!