Spearphishing – The Movie

Eric Fiterman of Rogue Networks/Methodvue demonstrates how to construct a malicious email that effectively impersonates President Obama. Using malware delivered in an attachment, Fiterman takes control of the recipient’s computer.

click to access video

He steals passwords, searches for files and even takes a picture of his victim using the computer’s camera.  Watch the video at  http://money.cnn.com/video/technology/2011/07/25/t-tt-hacking-phishing.cnnmoney/

What permits Fiterman to infiltrate this computer?  The recipient can’t distinguish a real email from the President from a fake email from the President.  People need to know if an email is really from the President. They need to know if an email is really from a co-worker.  SP Guard from Iconix lets email recipients quickly and easily determine if the sender really is the President or a co-worker.

SP Guard Inbox

SP Guard provides the recipient with three confirmations that a message is real:

  1. List View. There is an integrity indicator in the list view of the email client.
  2. Message. The open message has a further indicator of authenticity.
  3. Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.

SP Guard now offers a fraud filtering enhancement.  This additional protection is becoming increasingly important given the latest generation of highly targeted spear-phishing emails which are so well crafted that users cannot tell real from fake.

SP Guard is available now from Iconix.  For further information, contact us at 408-727-6342 , ext 3 or use our online form.

Advertisements

7 Responses to Spearphishing – The Movie

  1. […] It is interesting that the attack vector chosen to demonstrate the need for this law was spearphishing.  As Cisco reported in it June 2011 study, “Email Attacks: This Time It’s Personal“, spearphishing uses unique and previously unseen exploits to compromise systems.  Because these attacks are previously unseen, knowing about attack A does not defend against attack B.  Spearphishers do not infiltrate systems with attacks on computers, they infiltrate systems by tricking email recipients.  You can see how this works by watching  Spearphishing – The Movie. […]

  2. […] use socially engineered emails in order to deceive targeted email recipients into compromising their […]

  3. […] are using spearphishing emails to infiltrate systems.  Spearphishing occurs when hackers use socially engineered emails in order to deceive targeted email recipients into compromising their […]

  4. […] asks, “What  method of cyber attack are you most worried about?”  The answer — spearphishing, with almost half of respondents identifying spearphishing as the threat that most concerns […]

  5. […] While the focus has been on the problems that Flame causes after it is installed, little has been said about how Flame enters a network.  Roel Schouwenberg, senior researcher at Kaspersky, speculates that Flame’s initial entry into a network is through a spearphishing email that delivers a zero-day exploit.  Spearphishing is a social engineering attack in which the attacker creates a highly personalized email that deceives the recipient into acting.  You can see how this is done by viewing “Spearphishing – The Movie.” […]

  6. […] While the focus has been on the problems that Flame causes after it is installed, little has been said about how Flame enters a network.  Roel Schouwenberg, senior researcher at Kaspersky, speculates that Flame’s initial entry into a network is through a spearphishing email that delivers a zero-day exploit.  Spearphishing is a social engineering attack in which the attacker creates a highly personalized email that deceives the recipient into acting.  You can see how this is done by viewing “Spearphishing – The Movie.” […]

  7. […] to the recipient.  You can see a demonstration of how easy it is to spoof a sending domain at Spearphishing — The Movie.  A little internet research yields substantial personal information that can be used to deceive […]