of an email sent to a hedge fund and blocked by Barracuda
It’s the type of thing that keeps a hedge fund
manager up at night: hackers watching their trades and tapping
into their investment accounts using discreet, remote computer
access. Investment ideas stolen. Bank accounts drained.
Erroneous trades placed.
That’s what someone was apparently trying to do
in targeting employees at hedge funds with a so-called
according to online security company Barracuda Labs.
Keylogger viruses are designed to capture keystrokes and
then load them to a remote server from the infected computer.
They can be used to steal sensitive passwords, such as those for an
online trading platform or bank account.
In one example provided by Barracuda, the virus is cleverly
disguised as an email about "carried interest fees" from "A.
Friedman" at the "Carlyle Group" in Boston, presumably a
Adena Friedman, the firm’s Washington, D.C.-based
chief financial officer. The email, of course, is not
actually from Carlyle.
"I apologize for the late reply. Please find attached the doc.
requested (regarding the NYSE crrie interest fees)," reads the
email. While "crrie" is apparently a sloppy spelling of
"carried," the NYSE reference could be a sly use of
Friedman’s role before Carlyle: head of corporate
strategy at NASDAQ OMX. Carlyle did not respond to a request
Folders representing infected computers, via
When double-clicked, the attachment opens an
actual PDF file stolen from law firm Morrison &
Foerster about reporting trades to the Securities and Exchange
Commission. At the same time, "the program is installing a
keylogger which captures keystrokes and loads them to a remote
server using FTP," according to Barracuda.
"It basically logs every keystroke," said Mary Catherine
Petermann of Barracuda. "So in this case the spear phishing
tactic if successful is able to get into anything and
everything that a hedge fund manager would have access
It’s not clear how many hedge funds received the
spam ads and Barracuda told AR the emails were blocked
by their clients who use the company’s spam
filter. Who those clients are is private. However, an image
posted by the company shows 21 folders, which appear to
represent as many infected computers.