Screen capture of
an email sent to a hedge fund and blocked by Barracuda
It's the type of thing that keeps a hedge fund manager up at
night: hackers watching their trades and tapping into their
investment accounts using discreet, remote computer access.
Investment ideas stolen. Bank accounts drained. Erroneous
That's what someone was apparently trying to do in targeting
employees at hedge funds with a so-called keylogger virus,
according to online security company Barracuda Labs.
Keylogger viruses are designed to capture keystrokes and
then load them to a remote server from the infected computer.
They can be used to steal sensitive passwords, such as those for an
online trading platform or bank account.
In one example provided by Barracuda, the virus is cleverly
disguised as an email about "carried interest fees" from "A.
Friedman" at the "Carlyle Group" in Boston, presumably a
Adena Friedman, the firm's Washington, D.C. based chief
financial officer. The email, of course, is not actually from
"I apologize for the late reply. Please find attached the doc.
requested (regarding the NYSE crrie interest fees)," reads the
email. While "crrie" is apparently a sloppy spelling of
"carried," the NYSE reference could be a sly use of Friedman's
role before Carlyle: head of corporate strategy at NASDAQ OMX.
Carlyle did not respond to a request for comment.
Folders representing infected computers, via
When double-clicked, the attachment opens an
actual PDF file stolen from law firm Morrison &
Foerster about reporting trades to the Securities and Exchange
Commission. At the same time, "the program is installing a
keylogger which captures keystrokes and loads them to a remote
server using FTP," according to Barracuda.
"It basically logs every keystroke," said Mary Catherine
Petermann of Barracuda. "So in this case the spear phishing
tactic if successful is able to get into anything and
everything that a hedge fund manager would have access
It's not clear how many hedge funds received the spam ads and
Barracuda told AR the emails were blocked by their
clients who use the company's spam filter. Who those clients
are is private. However, an image posted by the company shows
21 folders, which appear to represent as many infected