Top-level employees of publicly listed companies are being targeted by cybercriminals using malware-infected RTF documents disguised as recruitment letters.
Security company MessageLabs reported that 1,100 e-mails containing malware-infected RTF (rich text file) attachments were recorded over a 16-hour period this month. Four separate waves appeared between September 13 and 14, the company said.
“All (the e-mails) were going after (top-level) management. The e-mails included the company name in the subject field, purporting to be a recruitment company. What it had in the attachment is an executable RTF file,” a MessageLabs representative said.
Similar e-mails were noticed in June, the representative said.
The e-mail, which contains no body text, includes a .scr screen-saver dummy file within an executable RTF file, the representative said. When recipients attempt to open the file, a message is displayed stating: “Microsoft has encountered an error and had to close.” The recipient is then advised: “To view this, double click on the message.”
Once activated, the RTF file starts a chain of downloads that establish a secure connection between the attacker’s server and the infected computer.
The top-level nature of the targets clearly indicates that the attackers are after information, the MessageLabs representative said, but the greater concern is the social-engineering technique used to spread the Trojan-harboring e-mail.