It looked like an innocent e-mail X-Mas card from the White House.
But the holiday greeting that surfaced just before the secular holiday was a ruse by cybercriminals to steal documents and other data from law enforcement, military and government workers — particularly those involved in computer crime investigations.
Analysts who have studied the malicious software said Tuesday that hackers were able to use the e-mail to collect sensitive law enforcement data.
An email sent out on 23 December to an unknown number of recipients, apparently addressed from the Executive Office of the US President, directed recipients to a link containing a variant of the ZeuS trojan. Once downloaded, it harvested documents and log-in credentials that were then uploaded to a server in Eastern Europe.
The attack was documented on the blog of computer security analyst Brian Krebs. He claims that more than 2Gb of documents were collected from a number of victims, which included staff working at both US and international government organisations.
“The attack appears to be the latest salvo from ZeuS malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing both financial data and documents from victim machines,” he wrote.
According to Krebs, federal officials who were duped by the message included an intelligence analyst at Massachusetts State Police, an employee at the National Science Foundation’s Office of Cyber Infrastructure, and an official working for the Moroccan government.
The attack bears some resemblance to last year’s Kneber botnet, which also used the ZeuS malware. When discovered by security vendor NetWitness in February 2010, Kneber consisted of approximately 74,000 infected PCs collecting data and login credentials from more than 2,500 organizations.
(Source: Information Age)
2 Responses
Same usual rules apply: Never click on a link if you can’t confirm where it came from!
And who says it didn’t come from the White House?
Aryeh Zelasko
Beit Shemesh