Employees targeted with fake DocuSign "confidential message"
Posted on 23.01.2013
Bookmark and Share
An email purportedly sent by the DocuSign Electronic Signature Service on behalf of the administrative departments of a wide variety of organizations and businesses is hitting the inboxes of their employees, Bitdefender warns.

With "To All Employees - Confidential Message" in the subject line, a spoofed "From" email address, rather legitimate looking graphics in the email's body and the URL of the company's official website inserted at the end, the email is likely to be considered genuine by many:


The email urges recipients to open the attached To ALL Employees.zip file, which actually contains an information-stealing Trojan that searchers for passwords of users' e-mail client and those saved by their browsers, and collects account information (server names, port numbers, login IDs, and more).

In addition to this, it also attempts to log into other connected machines by trying out a hardcoded list of most frequent password, and some variants are also able to download additional malware on the already infected systems.

DocuSign is aware of the malicious spam campaign and is warning users about it, advising them not to open attachments in emails that seem to come from the service and to forward the bogus email to spam@docusign.com to help with their forensic efforts.

"DocuSign continues to aggressively investigate this incident and is working with law enforcement agencies to take further action," they wrote, adding that DocuSign doesn't sell user information to third parties.

"Malicious third parties most often obtain email addresses by spidering the Internet, purchasing lists, and then 'phishing' for personal information via phone calls, spam emails, or fake web sites that contain malicious viruses designed to capture email directories, contacts, and other personal data," they explained.






Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //