BELARUS NEWS AND ANALYSIS

DATE:

05/01/2011

US govt e-card scam hits confidential data

By Tyler Thia, ZDNet Asia

A fake U.S. government Christmas e-card has managed to siphon off gigabytes of sensitive data from a number of law enforcement and military staff who work on cybersecurity matters, many of whom are involved in computer crime investigations.

According to news.softpedia.com, the rogue e-mail messages sent out on Dec. 23 last year had the subject "Merry Christmas" and purported to originate from a jeff.jones@whitehouse.gov address.

The body message read: "As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings.

"Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission."

This was followed by two links to the alleged greeting cards, which lead to pages hosted on compromised legit Web sites. Victims who clicked on the links were infected with a Zeus Trojan variant, which stole passwords and documents, and uploaded them onto a server in Belarus, reported krebsonsecurity.com.

The article also revealed that the latest attack bore the same technique to one uncovered last year, where 74,000 PCs were found to be part of a botnet. In the earlier incident, victim machines were controlled by Web sites registered with the same e-mail address. Alex Cox, principal research analyst with NetWitness, said the new case either involved the same person or copied the exact same technique.

Security blogger Mila Parkour pointed out that the "pack.exe" file downloaded by the Trojan was a Perl script converted to an executable file by way of a commercial application called Perl2exe. The pack program was responsible for stealing the documents on a victim's computer and relaying the data to a file repository in Belarus.

Krebsonsecurity.com author Brian Kerb said: "The attack appears to be the latest salvo from Zeus malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing both financial data and documents from victim machines."

He explained that this activity was unusual as most criminals using Zeus were interested in money-related activities, whereas the siphoning of government data was associated with advanced persistent threat attacks, the same category that of stuxnet attacks.

Some of the victims included an employee at the National Science Foundation's Office of Cyber Infrastructure, an intelligence analyst in Massachusetts State Police and an employee at the Financial Action Task Force.

Another report by news agency AP said there was no evidence that the stolen classified information had been compromised.

Source:

http://www.zdnetasia.com/us-govt-e-card-scam-hits-confidential-data-62205450.htm

Search Belarus News and Analysis:

Latest News

Archive

Month, Year December, 2010November, 2010October, 2010September, 2010August, 2010July, 2010June, 2010May, 2010April, 2010March, 2010February, 2010January, 2010December, 2009November, 2009October, 2009September, 2009August, 2009July, 2009June, 2009May, 2009April, 2009March, 2009February, 2009January, 2009December, 2008November, 2008October, 2008September, 2008August, 2008July, 2008June, 2008May, 2008April, 2008March, 2008February, 2008 January, 2008 December, 2007 November, 2007 October, 2007 September, 2007 August, 2007 July, 2007 June, 2007 May, 2007 April, 2007 March, 2007 February, 2007 January, 2007 December, 2006 November, 2006 October, 2006 September, 2006 August, 2006 July, 2006 June, 2006 May, 2006 April, 2006 March, 2006 February, 2006 January, 2006 December, 2005 November, 2005 October, 2005 September, 2005 August, 2005 July, 2005 June 2005 May 2005 April 2005 March 2005 February 2005

Subscribe Daily Newsletter:

Enter your Email


Powered by FeedBlitz