Wednesday, January 5, 2011

Merry Christmas from all of us at

It seems that a whole bunch of government officials - including some in cybersecurity - fell for the whole "open your mouth and close your eyes" trick:
A malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters.


Recipients who clicked either of the above links and opened the file offered were infected with a ZeuS Trojan variant that steals passwords and documents and uploads them to a server in Belarus.  I was able to analyze the documents taken in that attack, which hoovered up more than 2 gigabytes of PDFs, Microsoft Word and Excel documents from dozens of victims.  I feel reasonably confident I have identified several victims,  all of whom appear to be employees of some government or another. Among those who fell for the scam e-mail were:
Click through for a list of those who fell into this cunning* trap.  It's pretty interesting.  Remember, kids, nobody ever emails you anything worthwhile in a ZIP or EXE file.  Ever.  So when you clicky-clicky and then see this ...

... just say "no", mkay?

* Sarcasm alert, of course.  And note to JayG: the Massachusetts Statie who was among the pwn3d clearly should have his LTC revoked.  Let's just call it invoking the "Lowell Rule".  Although unlike the poor sod in Lowell who didn't do anything, this idiot actually did the clicky-clicky bit.
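The "nothing worthwhile ever arrives as a ZIP or EXE" rule is easy to enforce at a mail gateway before a user ever gets the chance to clicky-clicky. The script below is an added example written for this post, not code from the original article or from the Krebs report it quotes: it parses a raw e-mail, looks at every attachment, and flags bare executables as well as executables hidden inside a ZIP, checking the file's real header (the `MZ` bytes every Windows executable starts with) rather than trusting the extension. The two sample messages, the sender address and the fake executable payload are constructed inline so it runs offline.

```python
"""Mail-gateway style attachment check for the pattern described in the post:
a ZIP (or bare EXE) attachment that carries a Windows executable.
Added example; the sample messages below are constructed, not real mail."""
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Extensions Windows will execute directly when double-clicked.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ARCHIVE_EXTENSIONS = {".zip"}
MZ_MAGIC = b"MZ"   # DOS/PE header at offset 0 of every Windows executable
PK_MAGIC = b"PK"   # local file header signature that starts a ZIP archive


def _ext(name):
    name = (name or "").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def _is_executable(name, head):
    """Flag on the extension OR the real file header, so renaming
    card.exe to card.pdf does not get past the check."""
    return _ext(name) in EXEC_EXTENSIONS or head[:2] == MZ_MAGIC


def inspect_attachment(filename, data):
    """Return human-readable findings for one decoded attachment."""
    findings = []
    if _is_executable(filename, data):
        findings.append(f"executable attachment: {filename}")
    if _ext(filename) in ARCHIVE_EXTENSIONS or data[:2] == PK_MAGIC:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    head = zf.open(info).read(2)  # only the header is needed
                    if _is_executable(info.filename, head):
                        findings.append(
                            f"executable inside archive {filename}: {info.filename}")
        except zipfile.BadZipFile:
            findings.append(f"corrupt or non-ZIP data named {filename}")
        except RuntimeError:
            # zipfile raises RuntimeError for password-protected members;
            # an archive the gateway cannot inspect is itself a finding.
            findings.append(f"encrypted archive cannot be inspected: {filename}")
    return findings


def inspect_message(raw):
    """Parse raw RFC 5322 bytes and return findings across all attachments."""
    msg = message_from_bytes(raw, policy=default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        findings.extend(inspect_attachment(part.get_filename(), payload))
    return findings


def _zip_bytes(members):
    """Build an in-memory ZIP from a {name: bytes} mapping (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample(attach_name, attach_bytes, maintype, subtype):
    """Constructed greeting-card e-mail with one attachment; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "Greetings <greetings@example.invalid>"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Merry Christmas"
    msg.set_content("Your holiday card is attached.")
    msg.add_attachment(attach_bytes, maintype=maintype, subtype=subtype,
                       filename=attach_name)
    return msg.as_bytes()


# Constructed samples: a ZIP wrapping a fake PE stub, and a harmless PDF.
MALICIOUS_EML = build_sample(
    "card.zip", _zip_bytes({"card.exe": b"MZ\x90\x00" + b"\x00" * 60}),
    "application", "zip")
BENIGN_EML = build_sample("card.pdf", b"%PDF-1.4\n%%EOF\n", "application", "pdf")

if __name__ == "__main__":
    for label, raw in (("malicious", MALICIOUS_EML), ("benign", BENIGN_EML)):
        print(label, inspect_message(raw))
```

Run it as-is and the ZIP sample is reported for the executable it wraps while the PDF passes clean. The header check matters more than the extension list: a renamed executable inside the archive is still caught, and an archive the gateway cannot open (encrypted or malformed) is reported rather than silently passed through.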


Anonymous said...

Incompetence of this magnitude is truly a wonder to behold. That anyone in this day and age not only opens an email from an unknown sender with an attachment but then turns around and unzips the attachment and runs the executable? Makes me wonder how much dough they've already sent to that Nigerian prince.

SpeakerTweaker said...

While I agree with the commanding majority of what you're saying here, I gotta mention the company I work for transmits most of our downloadable content to our clients in .zip files (.exe for Vista users). Course, they know that well in advance, and they are expecting it since they just paid for it.


SiGraybeard said...

I need to remember to send out "sorry your Paypal account is blocked" emails to these guys next Christmas.

Something like "We tried to send you a Christmas gift, but the account was blocked. Click here to fix it!".