The attackers accessed the computers of 53 Times employees. Investigators believe some of the employees were targeted by spearphishing messages to gain an initial foothold into the organization. The targeted attacks typically contain malicious file attachments or links to a malicious Web page. If an employee opens the attachment, the malware is designed to target vulnerabilities on the victim's computer. Without the employee's knowledge, a remote access Trojan is dropped on the victim's machine, and the cybercriminals behind the attacks are notified that the attack was successful. One of the only ways to help reduce the risk of spearphishing is end-user education, said Randy Abrams, research director, at Austin, Texas-based security vendor testing firm NSS Labs. Spearphishing attacks tax heuristics technology used in antivirus beyond its limits, Abrams said.