"Like many other spear phishing attacks, the phisher performed research before launching his or her attack," Cyveillance explains on its Web site. "Specifically, the individual was able to locate [and] use our CEO's e-mail address and the Cyveillance phone number in the e-mail. This information was used to enable and build additional credibility for the attack."
James Brooks, director of product management at Cyveillance, said that anyone clicking on the malware link in the message would have been hit with a Trojan downloader, which would have phoned home to fetch additional malware.
"Most of these attacks are exploiting well known vulnerabilities," said Don Leatham, director of solutions and strategy for Lumension Security. "The first step is to eliminate the vulnerabilities by staying patched. There is the challenge of the zero-day threat, but from what we've seen, the majority of these Trojans are spreading through vulnerabilities that can be closed."
Leatham said that about half of the anti-virus software out there didn't recognize the malware in this attack, a fact that underscores the need for other forms of defense like user education.
The malware in question is a browser helper object known as a form grabber. "Its 'helping' function is to take all the data you enter into forms and send it back to the attacker," explained Matt Richard, director of rapid response for iDefense.