Fake White House Christmas E-Card Swipes Government Documents

Over the holidays, several government employees and contractors received a Christmas e-card that purported to be from The White House, but actually contained document-swiping malware. According to Krebs on Security, when a recipient opened the file, or clicked on either of the included links, a trojan stole PDF, Word and Excel documents, and then uploaded them to a server in Belarus. Blogger Brian Krebs reports that about two gigabytes of government documents were taken in this phishing attack. According to NetWitness, this attack was carried out by a variant of the ZeuS botnet that hijacked 74,000 PCs last February. Krebs was able to identify several of this latest attack's victims, including an intelligence analyst with the Massachusetts State Police, an employee at the National Science Foundation's Office of Cyber Infrastructure, and an employee of the Financial Action Task Force. In other words, it wasn't just gift-shop clerks who were duped by the e-card.

The e-card, which featured a festive Christmas tree over a red background, read as follows: "As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission." Recipients could click one of two links embedded within the e-Card. These malicious links began a download of a ZIP file, which contained the ZeuS malware that was responsible for swiping the sensitive documents.

Previously, ZeuS trojans have been widely used to steal online banking credentials, information and passwords, like during last February's hijacking of about 74,000 PCs. Don Jackson, director of threat intelligence for SecureWorks, told MSNBC that it's possible the malware used in both attacks was created by the same group. Whereas last February's attack was large-scale and encompassed thousands of computers, the Christmas e-card scam was probably carried-out manually by a few individuals, since it targeted such a small group. Jackson also thinks the scale of this attack is why the e-card was able to slip through the government's porous cybersecurity traps and sensors.

It's troublesome that government employees and contractors could fall prey to such a simple scam. What's more troublesome is that the government seems to be in no hurry to shore up the obvious holes in its cyber-security. Meanwhile. spammers and hackers took a trojan typically used for financial fraud, and used it to steal sensitive government information. We aren't saying the sky is falling, but news of another attack on government computers doesn't exactly breed confidence.

http://www.switched.com/2011/01/04/fake-white-house-christmas-ecard-swipes-government-documents/?icid=maing%7Cmain5%7Cdl3%7Csec1_lnk3%7C34703



Prevent yourself from being botted

http://free.antivirus.com/rubotted/

RUBotted monitors your computer for potential infection and suspicious activities associated with bots. Bots are malicious files that enable cybercriminals to secretly take control of your computer. Upon discovering a potential infection, RUBotted will identify and clean them with HouseCall.

What’s New?


Improved detection
Enhanced cleaning capabilities
Accessible status and log reports
Compatible with other antivirus products
Interfaces with Trend Micro Smart Protection Network

Don't know exactly what I did to deserve it, but it was the official WH Christmas card that I'd seen on TV (cranberry bordered paper, Pete Sousa photo of the White House at night in the snow). Anyone else get one?

am sorely disappointed in the responses or lack thereof, to important information that is simply meant to help. Like the charming cat giffs I used to post in the Lounge but stopped because of lack of enthusiasm, this too shall be my last post on computer issues here.