Not long after airstrikes began in Libya last month, certain attorneys at four U.S. law firms, known for having high-profile clients in the oil industry, each received a personally addressed email message.
Each message carried an Adobe PDF attachment, purportedly an analyst report describing the effect of Libya's uprising on oil futures. Each lawyer clicked on the attachment.
But the PDF was actually pre-set to deliver a quick-acting computer intrusion, says Chris Day, chief security architect at data security company Terremark, who watched the attack unfold. Within a few seconds, the PC of each attorney who clicked on the attachment began sending a silent beacon to a command server controlled by the intruders.
Terremark alerted law enforcement, and the law firms were notified, cutting off yet another persistent intrusion - a distinctive type of hack that has quietly become a staple of the cyberunderground.