The vast majority of malware is written for wide audience appeal. The social engineering tactics used to spread any given software package may be quite advanced, and the malware itself may give your average anti-malware suite a case of the collywobbles, but the hooks themselves are usually blunt instruments aimed at a very broad group of people. Every now and then, however, an enterprising thief decides to break the mold. In this case, the SANS Internet Storm Center is tracking a highly targeted campaign aimed directly at the CEOs of various companies.

According to the Storm Center, a number of CEOs have received an e-mail claiming to be a federal subpoena requiring that they testify in a particular case. The e-mail then requests that the targeted CEO click to download the relevant case history. Amazingly, the link in question leads not to an actual case document, but to a malware-infected CAB file containing a toxic version of acrobat.exe. Once installed, the bug dials its home command and control server (currently located in Singapore), and steals copies of any security certificates installed on the system.

Antivirus coverage on this particular infection is still weak, but the usual updates should roll out in short order since the bug was first picked up a couple of days ago. The fact that the malware authors went to the trouble of targeting specific people makes the attack vector unusual, but their decision to use a federal subpoena notification as a hook has problems of its own, since e-mail is not considered a valid method for delivering such documents. The good news is, this Trojan behaves like most any other after installation—once AV scanners are up to date, neutralization should be no problem.

This isn't the first time we've seen this type of tightly targeted attack. In July, 2007, MessageLabs picked up a malware attack specifically aimed at CEOs in the energy sector. In that case, the attackers went even farther in their attempts to personally target individuals, and sent infected e-mails to the spouses of some of the targets as well as to the execs themselves.

We may see more malware aimed at specific targets as the malware business continues to commercialize, but the illicit market will have a hard time finding the proper balance between the size of the target group and the amount of effort required to hand-tailor an attack vector towards it. Hopefully such balance will be a long time coming.