
SANS ISC: InfoSec Handlers Diary Blog



White House greeting cards

Published: 2010-12-23
Last Updated: 2010-12-23 23:00:10 UTC
by Mark Hofman (Version: 1)

We've had some reports of targeted emails from "The White House".

Emails typically look as follows: 

As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.

Greeting card:

http://yyyyyyyyyy.com/card/
http://xxxxxxxxxx.com/card/

Merry Christmas!
___________________________________________
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500

The email links to an exe file, which in turn downloads what looks like a key logger, typically associated with ZBOT. Currently these are barely detected, but that should improve.

If you receive some of these I'd be interested in the URL as well as the headers of the message. 

Cheers

Mark 
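For anyone collecting the URL and message headers requested above, the following is an added example (not part of the original diary) that pulls the relay path and defanged links out of a saved message with Python's standard `email` module. The sample message, its addresses and the `build_report` and `defang` helpers are constructed for illustration; the link domain is the redacted placeholder from the diary.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message (not a real capture), using documentation IP ranges.
SAMPLE_EML = """\
Received: from mail.example.net (mail.example.net [192.0.2.25])
\tby mx.example.org with ESMTP id CONSTRUCTED2; Thu, 23 Dec 2010 10:00:02 +0000
Received: from unknown (HELO sender.example) (198.51.100.7)
\tby mail.example.net with SMTP id CONSTRUCTED1; Thu, 23 Dec 2010 10:00:00 +0000
From: "The White House" <greetings@sender.example>
Return-Path: <bounce@sender.example>
Subject: Merry Christmas!
Content-Type: text/plain; charset="us-ascii"

Greeting card:
http://xxxxxxxxxx.com/card/
Merry Christmas!
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def defang(url: str) -> str:
    # Make the link non-clickable so it can be pasted safely into a report.
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def build_report(raw: str) -> dict:
    msg = message_from_string(raw, policy=default)
    # Each relay prepends its own Received header, so reverse the list to
    # read the path starting at the hop closest to the sender.
    hops = [" ".join(str(h).split()) for h in reversed(msg.get_all("Received", []))]
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return {
        "from": str(msg.get("From", "")),
        "return_path": str(msg.get("Return-Path", "")),
        "subject": str(msg.get("Subject", "")),
        "hops": hops,
        "hop_ips": [IP_RE.findall(h) for h in hops],
        "urls_defanged": [defang(u) for u in sorted(set(URL_RE.findall(text)))],
    }

if __name__ == "__main__":
    for key, value in build_report(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

Received headers below the first trusted relay can be forged by the sender, so treat the earliest hops as claims rather than facts.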

Keywords: targeted attack