Spam Email Carries a Keylogger and Targets Hedge and Private Fund Managers

Hedge and private fund managers are being targeted in a cleverly crafted email spam campaign. For starters, the email appears to have been 'forwarded' several times, which may lower some recipients' guard. The body uses typical business language and offers a document supposedly detailing NYSE carried interest fees. People who are not malware-conscious may overlook a subtle but important hint: the attachment is an executable rather than a PDF. Also quite clever is the ruse of showing the victim a PDF presentation while the actual malicious executable downloads and runs in the background.

SEC Release Adopts New Rule 13h-1 and Form 13H; Large Trader Reporting
[PDF Similar to the one linked at]

The above is a generic news bulletin the attacker inserted to distract the victim, who, frustrated, will assume the document was sent by mistake and simply ignore it. The real mistake is falling victim to the tricks of a hacker who has planted a malicious program onto your system to secretly record keystrokes entered into web-based forms, mainly of a financial nature. A two-way port is opened and the stolen data is sent to a remote server via FTP.
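The decisive clue in this campaign is an attachment that claims to be a PDF but is really an executable. The following mail-gateway check, an added example that is not from the original article, flags exactly that: it parses a message, looks for executable extensions (including double extensions such as .pdf.exe) and compares the declared PDF type against the file's leading bytes. The sample message, its addresses and the `build_eml` helper are constructed for illustration; the "MZ" payload is an inert stub, not malware.

```python
import email
from email import policy
from email.message import EmailMessage

# Hypothetical helper: builds a forwarded-looking message with one attachment.
def build_eml(filename: str, data: bytes, subtype: str = "pdf") -> bytes:
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "fund.manager@example.com"
    msg["Subject"] = "FW: FW: FW: NYSE carried interest fees"
    msg.set_content("Please see the attached document on carried interest fees.")
    msg.add_attachment(data, maintype="application", subtype=subtype,
                       filename=filename)
    return msg.as_bytes()

# Constructed sample: declared as a PDF, named with a double extension, and the
# payload starts with the "MZ" header of a Windows executable (an inert stub).
SAMPLE_EML = build_eml("SEC_Release_13h-1.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAGIC = {b"%PDF": "pdf", b"MZ": "pe-executable", b"PK\x03\x04": "zip"}

def sniff(data: bytes) -> str:
    """Identify the real file type from its leading bytes, not its name."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"

def check_attachments(raw: bytes) -> list:
    """Return (filename, reason) pairs for attachments that should be blocked."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        # An executable extension, even when hidden behind ".pdf.exe"
        if ext in EXEC_EXTENSIONS:
            findings.append((name, f"executable extension {ext}"))
        # Claims to be a PDF, but the leading bytes say otherwise
        kind = sniff(data)
        if part.get_content_type() == "application/pdf" and kind != "pdf":
            findings.append((name, f"declared PDF but content is {kind}"))
    return findings

if __name__ == "__main__":
    for name, reason in check_attachments(SAMPLE_EML):
        print(f"BLOCK {name}: {reason}")
```

The same check can run over the raw bytes of any stored message, and a genuine PDF attachment (name ending in .pdf, bytes starting with %PDF) produces no findings.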

Malware is often bundled, so do not be surprised if you also encounter a rogue security program with its fake alerts, scans and reports. The opened port allows the download of a backdoor that gives the hacker remote access and lets him misuse the system's resources in a DNS strike.

Some malicious programs, e.g. trojans, computer worms or viruses, are designed to operate without an interface so they can stay hidden in the background. If you lack stealth antimalware protection, or the malicious program has deactivated your security measures, you will need to rely on your own senses and these hints:

  • System dragging and running slow
  • Web pages freezing up
  • System shutting down on its own
  • Forced hard boots due to inoperable ALT-DELETE functionality
  • Mouse or keyboard failing
  • A flood of fake alerts, scans and reports, plus prompts urging you to use or download an online scanner you did not install
  • A barrage of pop-up advertisements that ignore your browser settings

Don't ignore these subtle hints. Instead, get hold of a trusted stealth antimalware program and scan your entire system, including whitelisted areas where critical operating system files live. Aggressive malware uses rootkit technology and is able to mask its files so they look the same as legitimate operating system files. Attempts to edit files manually could prove fatal, especially if you delete the wrong file and corrupt the operating system installation on the hard drive.

To minimize your chances of being greeted by malicious programs and files, you should follow these safety rules:

  • Keep an antimalware program installed and keep it up-to-date
  • Stay on top of notifications about software patches and apply them promptly
  • Use strong passwords that are hard to crack
  • Be wary of eTorrent and warez sites
  • Be slow to click on links or attachments in emails or presented on social networking platforms until you can verify the source