Another level of malware – spear phishing

It is getting harder and harder to keep up with malware these days. By the time we attempt to write an article warning about a new campaign in the wild (like the new ransomware that encrypts entire hard drives), something else comes out that is an even worse threat. As an example, have you heard of spear phishing? If not, then read on, as it’s the latest threat that is going to make your online life that much more difficult.

Phishing is a term that has been around for ages now, but it is most commonly used to refer to spam campaigns that send out emails looking like they are coming from a legitimate company (be it Apple or a bank), prompting the reader to click a link and enter some personal information. They are “phishing” for your details, with the only contact point they have for you being an email address. Even that contact point is most likely just a generated name that came from a program that sent the spam to millions of people, most of which don’t exist, in the hope of having just a few respond. It’s a dangerous trick and we’ve had to help many users who have fallen into the trap. Sometimes it’s led to simple infections on a PC, but sometimes it’s required the cancellation of credit cards and tracking of financial records. It’s one of the most common means of spreading malware on the internet.

Spear phishing is a rather frightening evolution of this, which uses programs that seek out information on potential victims, using algorithms that search social networking links, web pages, blog posts, anything that might glean real data on people. It then sends out a tricky email containing that data, usually something that sounds urgent, threatening or like an emergency, to trick the person into clicking the link, and there the issues begin. We’ve gone from phishing trying to get you to give them your information, to directed attacks where they are using your own information to trick you into something much worse.

Ars Technica has a great write-up on one form of this attack that generates a ransomware hit on someone who clicks through the link: Crypto-ransomware targets called by name in spear-phishing blast.

This is the kind of attack that your antivirus program will have a very hard time protecting against (if at all). While this is primarily targeting PC users, we have now seen Cryptoware attacks in the wild that will hit Macs and there are reports of others capable of hitting Android devices. So far, we haven’t seen any that can hit BlackBerry or iOS devices, but we believe it’s just a matter of time before a vulnerability is found there as well. So how do you defend yourself?

We repeat this to all our clients and drill it into them. Their best defence comes from their own habits. Question every email that comes in, even if it is from someone you know. What is the link? Are you expecting it? Is there any way to confirm it is real before you click through? Don’t download any software without being sure of what you are receiving. Beware of downloading anything (even media files) from illegal sites, such as BitTorrent (they are being hammered with fake files). On today’s Internet you are your own best protection. The technology on your computer should always be considered your second line of protection only and not relied on to catch everything.

Beyond that, we cannot stress enough how important backups are for all users, whether it’s just a home PC or a major work server. You must maintain and test your backups and try to keep at least two redundant backups running at all times (we usually recommend an onsite local image backup and some “in the cloud” off-site backup). While the backups can’t protect you from every threat (e.g. identity theft), they can help you quickly get back up and running from some of the most common attacks out there today.

As always, if you have any questions or want to have a double-check of your own processes, contact us at
