Threat Level: green Handler on Duty: Tom Webb

SANS ISC: Executives at a Swedish Company Targeted via an Email Attachment - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Executives at a Swedish Company Targeted via an Email Attachment

We received a report of a Swedish company that was just subjected to a targeted attack. The company employs approximately a dozen of high-ranking executives. Almost all of those executives received an email message with an attached executable file named "Likviditetsrapport december prel.xls .exe". (This translates to "Analysis of the current acquisition market.xls  .exe".) The file's icon looked like that for an Excel document.

The targeted company employs has approximately 6,000 users; however, no one besides the dozen executives seems to have received these messages.

According to the VirusTotal scan, only two vendors consider the file malicious, tagging it as a dropper.

-- Lenny

Lenny Zeltser
Security Consulting - Savvis, Inc.

Lenny teaches a SANS course on analyzing malware.

Lenny

216 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!