I saw a good presentation analyzing the malware behind this current “fake subpoena phish” by Tyler and Greg at the NEO Information Security Forum the other night. Tyler and Greg are legendary in the Cleveland area for conducting some cutting edge malware analysis over the last few years. They focused on how this type of malware is somewhat different as it did some interesting things with rapidly modifying and changing the hosts file on the victim machine and how this type of malware will connect and disconnect rapidly so as to throw off security researchers (do a netstat and alas…there is no active connection). Tyler and Greg mentioned that they are seeing more and more “smart” malware which is adapting to the techniques malware researchers use to find out how this stuff works.
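The two behaviours described above (hosts-file rewriting and short-lived connections) both defeat one-off snapshot checks. The script below is an added example written for this post, not code from the presenters or from the malware analysis; it shows the defender's side of the hosts-file part: take a baseline of the hosts file and compare the live file against it on each run, reporting any added, removed or changed mappings. The baseline and tampered hosts contents are constructed sample data (the `.test` domains and the 192.0.2.x address are reserved example values, not indicators from the actual phish), and `check_hosts_file` assumes you supply the path of the real file on the host you are checking.

```python
# Added example (not from the original post): detect changes to a hosts file
# against a known-good baseline. Because the malware rewrote the file rapidly,
# a single look can miss it, so these functions are meant to be run repeatedly
# (scheduled task, cron) and their results logged.
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample data: a clean baseline and a tampered copy.
BASELINE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
"""

TAMPERED_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.example-bank.test
127.0.0.1       update.example-av.test
"""


def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Return hostname -> list of IPs, ignoring comments and blank lines.

    A name may legitimately map to several addresses (IPv4 and IPv6
    localhost, for example), so every address is kept, in file order.
    """
    mapping: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        ip, names = parts[0], parts[1:]
        for name in names:
            mapping.setdefault(name.lower(), []).append(ip)
    return mapping


def hosts_digest(text: str) -> str:
    """SHA-256 of the raw file contents; cheap first-pass tamper check."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def is_tampered(baseline: str, current: str) -> bool:
    """True if any byte of the file differs from the baseline."""
    return hosts_digest(baseline) != hosts_digest(current)


def diff_hosts(baseline: str, current: str) -> Dict[str, List[Tuple[str, List[str], List[str]]]]:
    """Compare two hosts-file contents and return added/removed/changed mappings.

    Each entry is (hostname, baseline_ips, current_ips); an empty list marks
    the side on which the name does not exist.
    """
    base, cur = parse_hosts(baseline), parse_hosts(current)
    added = [(n, [], cur[n]) for n in sorted(cur) if n not in base]
    removed = [(n, base[n], []) for n in sorted(base) if n not in cur]
    changed = [
        (n, base[n], cur[n])
        for n in sorted(base)
        if n in cur and sorted(base[n]) != sorted(cur[n])
    ]
    return {"added": added, "removed": removed, "changed": changed}


def check_hosts_file(path: str, baseline_text: str) -> dict:
    """Read the live hosts file at `path` (hypothetical caller-supplied path,
    e.g. C:\\Windows\\System32\\drivers\\etc\\hosts or /etc/hosts) and report
    how it differs from the stored baseline."""
    with open(path, encoding="utf-8", errors="replace") as f:
        current = f.read()
    report = diff_hosts(baseline_text, current)
    report["tampered"] = is_tampered(baseline_text, current)
    return report


if __name__ == "__main__":
    # Demonstrate on the constructed sample rather than the real file.
    result = diff_hosts(BASELINE_HOSTS, TAMPERED_HOSTS)
    for kind in ("added", "removed", "changed"):
        for name, old, new in result[kind]:
            print(f"{kind:8s} {name:28s} {','.join(old) or '-':>16s} -> {','.join(new) or '-'}")
```

Any new mapping that points a vendor update domain, a bank, or a mail provider at localhost or at an address you do not control is worth escalating; the same "baseline, then compare on every run" idea is what you need for the connection churn too, since a single `netstat` only shows what was open at that instant.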
Another point is that these types of targeted attacks are becoming more common. It’s getting easier for anyone to find detailed information about anyone (not just CEO’s) by using free tools like Maltego or by getting creative with your Google searches. This particular phish was very personalized and I would expect this trend to continue.