Security Firm Reports Mass Online E-Mail Attack against Execs

July 2, 2007 ( - More than 500 business executives have been targeted for what security experts believe is the first mass malicious software attack.

Security vendor MessageLabs said targeted attacks try to get around traditional online security measures by relying on individually addressed e-mails, according to a CNET report.

On June 26, MessageLabs intercepted more than 500 individual e-mail attacks targeted at individuals in senior management positions around the world, according to the news report.

Normally, MessageLabs sees approximately 10 targeted attacks per 200 million e-mails per day, according to Mark Sunner, MessageLabs’ chief security analyst.

The troublemaking e-mails feature the name and job title of the victim in the subject line. The sector most targeted was banking and finance, with chief investment officers being targeted in 30% of the attacks, according to Sunner. Eleven percent of the intended victims were chief executive officers, while 6% were chief finance officers.

Sunner said the executives hit by the attacks were perhaps “not that tech-savvy.” In the attacks, an executable file was embedded in a Microsoft Word document. If the victim opened the document and clicked on a link, the file would have run a data-stealing Trojan horse.

The intended victims’ spouses and relatives were also targeted by name, in an attempt to infect other computers related to the victim. The intent was to indirectly gain access to confidential correspondence and intellectual property relating to the target, MessageLabs said, according to CNET