Phishing Attacks via the IT Department

Michael Vizard

Is nothing sacred? Turns out that the latest round of phishing attacks plaguing end users look like legitimate e-mails coming from the internal IT department.

The folks at Trusteer Research issued a bulletin yesterday advising customers that the latest versions of a Zeus/Zbot series of phishing attacks are being made to look like a request from the user's IT department to update Microsoft Web Mail settings.

Once opened, a Trojan injects itself into the user's browser and monitors all Web traffic as part of an effort to capture log-in credentials and passwords for various Web sites that the user might have permissions to access. Zeus/Zbot will also invite end users to view additional Web pages as part of an attempt to gather sensitive data.

Trusteer recommends that IT organizations lock down browsers to prevent code from running in the browser and, naturally, deploy a plug-in developed by Trusteer to prevent just this sort of thing from happening. In addition, end users should be alerted not to click on links that change Microsoft Outlook settings.

This phishing attack is the latest in a series that continues to show that we need a new approach that firmly establishes the reputation of both the Web sites that deliver content and the actual files moving across our networks. We may be powerless to stop the attacks, but we can be a lot more vigilant about not falling victim to them.

Add Comment      Leave a comment on this blog post
Oct 16, 2009 3:37 AM IT Support IT Support  says:

I had one of these yesterday, I'm the technical director of an IT Support company and I had to do a double take...

I knew I didn't send it of course - but the url that was spoofed looked .

Just shows that we really need to protect our users from these attacks at the edge - you simply can't rely on users knowing the difference as they look so authentic!

This was the first phishing mail I've had that pointed back to a url.

IT Admins beware................

Tony Brown.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.