Security expert warns of targeted attacks on senior execs

Attackers could use the practice of 'vanity' searches to carry out targeted attacks, according to security experts.

Trusteer chief executive Mickey Boodaei suggested in a company blog posting that attackers could infect PCs belonging to high-level executives by lacing pages with search terms associated with the target's name or company.

Boodaei explained that, in order to keep tabs on news coverage, many executives have Google Alert settings that comb the engine for mentions of their own name, a practice known as a 'vanity search'.

An attacker could craft a malicious page with an exploit tool or attack code. The malicious page could then be loaded with words associated with the individual or company being targeted.

The attack page would then appear on the target's vanity searches, possibly luring an executive or other high-value target into a malware attack.

Boodaei said that the potency of the attacks could be increased by the use of zero-day flaws in combination with personal information gathered through services such as LinkedIn.

The Trusteer report comes as targeted attacks and data breaches are taking centre stage in the security world. RSA recently credited a data breach on its systems to a sophisticated targeted attack.

Boodaei said that the technique could be one of many used as targeted attacks become more common.

"It's also worth noting that many enterprises that do discover attacks fail to understand their implications, and simply disinfect the computer and then move on," Boodaei wrote.

"We have been researching targeted attacks for three years, and have concluded that these types of attacks represent the future of online fraud and financial industry darkware."