US govt e-card scam hits confidential data

Summary: Reports say government staff fall prey to cyber espionage in the form of a Christmas e-greeting scam, where a Trojan variant stole passwords and documents and sent the data to a Belarus server.

A fake U.S. government Christmas e-card has managed to siphon off gigabytes of sensitive data from a number of law enforcement and military staff who work on cybersecurity matters, many of whom are involved in computer crime investigations.

According to news.softpedia.com, the rogue e-mail messages sent out on Dec. 23 last year had the subject "Merry Christmas" and purported to originate from a jeff.jones@whitehouse.gov address.

The body message read: "As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings.

"Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission."

This was followed by two links to the alleged greeting cards, which led to pages hosted on compromised but otherwise legitimate Web sites. Victims who clicked on the links were infected with a Zeus Trojan variant, which stole passwords and documents and uploaded them to a server in Belarus, reported krebsonsecurity.com.

The article also revealed that the latest attack used the same technique as one uncovered last year, where 74,000 PCs were found to be part of a botnet. In the earlier incident, victim machines were controlled by Web sites registered with the same e-mail address. Alex Cox, principal research analyst with NetWitness, said the new case either involved the same person or copied the exact same technique.

Security blogger Mila Parkour pointed out that the "pack.exe" file downloaded by the Trojan was a Perl script converted to an executable file by way of a commercial application called Perl2exe. The pack program was responsible for stealing the documents on a victim's computer and relaying the data to a file repository in Belarus.

Krebsonsecurity.com author Brian Krebs said: "The attack appears to be the latest salvo from Zeus malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing both financial data and documents from victim machines."

He explained that this activity was unusual: most criminals using Zeus were interested in money-related activities, whereas the siphoning of government data was associated with advanced persistent threat attacks, the same category as the Stuxnet attacks.

Some of the victims included an employee at the National Science Foundation's Office of Cyber Infrastructure, an intelligence analyst in Massachusetts State Police and an employee at the Financial Action Task Force.

Another report by news agency AP said there was no evidence that classified information had been compromised.

Talkback

2 comments
  • Cybersecurity personnel? They should hang their collective (stupid) heads in shame.
    rlwalker@...
  • Why don't we just kill these people? We have the capability to track down one damned cow in the entire world and name that cow as being the one responsible for an outbreak of Mad Cow Disease, don't tell me that with the technology that we can bring to bear on these people who write and or deploy these viruses, trojans, malware and whatnot that we can't send a spec ops team to whatever hole they are hiding in, drag their****out into the light of day and put a bullet in their head. Video the entire thing and upload it to YouTube as a warning to everyone else writing and deploying this garbage that they are next. I bet you'd see a whole bunch of machines all over the world mysteriously cleaned up, patched up and virus free in no time. Users would be wondering why their machine suddenly runs like it did when it was new.

    Is that a hardline approach? You're damn right it is but this is absolutely ridiculous. Society as a whole has become so dependent on technology anymore to even be able to function as a human being and what's worse is that our country's infrastructure is dependent on technology to operate. People shouldn't have to be network security specialists in order to be able to surf the web or to take care of their personal business without fear of someone stealing their identity or their credit card and banking information to sell to someone else. Even every day due diligence is not enough anymore to reasonably believe that you are safe online or even on your smart phone anymore. So yes, my proposal is drastic, it is dramatic, it is over the top but hell, we've launched a whole "War on Drugs" because some guys and girls in the 70's extolled the virtues of "Peace Love and Groovy Colors" and believed that pot is good, so why not re-direct those funds into 10 or 15 hit squads and we wouldn't be worrying about this crap so much.
    Valek_Hawke