Over the holidays, several government employees and contractors received a Christmas e-card that purported to be from The White House, but actually contained document-swiping malware. According to Krebs on Security, when a recipient opened the file, or clicked on either of the included links, a trojan stole PDF, Word and Excel documents, and then uploaded them to a server in Belarus. Blogger Brian Krebs reports that about two gigabytes of government documents were taken in this phishing attack. According to NetWitness, this attack was carried out by a variant of the ZeuS botnet that hijacked 74,000 PCs last February. Krebs was able to identify several of this latest attack's victims, including an intelligence analyst with the Massachusetts State Police, an employee at the National Science Foundation's Office of Cyber Infrastructure, and an employee of the Financial Action Task Force. In other words, it wasn't just gift-shop clerks who were duped by the e-card.
The e-card, which featured a festive Christmas tree over a red background, read as follows: "As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission." Recipients could click one of two links embedded within the e-card. These malicious links began a download of a ZIP file, which contained the ZeuS malware that was responsible for swiping the sensitive documents.
Previously, ZeuS trojans have been widely used to steal online banking credentials, information and passwords, as in last February's hijacking of about 74,000 PCs. Don Jackson, director of threat intelligence for SecureWorks, told MSNBC that it's possible the malware used in both attacks was created by the same group. Whereas last February's attack was large-scale and encompassed thousands of computers, the Christmas e-card scam was probably carried out manually by a few individuals, since it targeted such a small group. Jackson also thinks the scale of this attack is why the e-card was able to slip through the government's porous cybersecurity traps and sensors.
It's troublesome that government employees and contractors could fall prey to such a simple scam. What's more troublesome is that the government seems to be in no hurry to shore up the obvious holes in its cyber-security. Meanwhile, spammers and hackers took a trojan typically used for financial fraud, and used it to steal sensitive government information. We aren't saying the sky is falling, but news of another attack on government computers doesn't exactly breed confidence.
http://www.switched.com/2011/01/04/fake-white-house-christmas-ecard-swipes-government-documents/?icid=maing%7Cmain5%7Cdl3%7Csec1_lnk3%7C34703
Prevent yourself from being botted
http://free.antivirus.com/rubotted/
RUBotted monitors your computer for potential infection and suspicious activities associated with bots. Bots are malicious files that enable cybercriminals to secretly take control of your computer. Upon discovering a potential infection, RUBotted will identify and clean them with HouseCall.
What’s New?
Improved detection
Enhanced cleaning capabilities
Accessible status and log reports
Compatible with other antivirus products
Interfaces with Trend Micro Smart Protection Network