Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Executives at a Swedish Company Targeted via an Email Attachment

We received a report of a Swedish company that was just subjected to a targeted attack. The company employs approximately a dozen of high-ranking executives. Almost all of those executives received an email message with an attached executable file named "Likviditetsrapport december prel.xls .exe". (This translates to "Analysis of the current acquisition market.xls  .exe".) The file's icon looked like that for an Excel document.

The targeted company employs has approximately 6,000 users; however, no one besides the dozen executives seems to have received these messages.

According to the VirusTotal scan, only two vendors consider the file malicious, tagging it as a dropper.

-- Lenny

Lenny Zeltser
Security Consulting - Savvis, Inc.

Lenny teaches a SANS course on analyzing malware.


216 Posts
Jan 9th 2009

Sign Up for Free or Log In to start participating in the conversation!