Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Malicious CD ROMs mailed to banks SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Malicious CD ROMs mailed to banks

The National Credit Union Administration (NCUA) published an interesting advisory here:

http://www.ncua.gov/news/press_releases/2009/MR09-0825a.htm

Member credit unions evidently are reporting receiving letters which include two CDs. The letters claim to originate form the NCUA and advertises the CDs as training materials. However, it appears that the letter is a fake and the CDs include malware.

We have not heard about this scheme affecting any other targets, but please let us know if you see something like this. Malware delivery via USPS has certainly been suggested before.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Winter 2019

Johannes

3683 Posts
ISC Handler
There must have been a contest to see how many federal laws you can break at once
Anonymous
These are unsophisticated, but very effective. There are still so many businesses that don't lock down their workstations. I did something similar recently for a penetration test with a high rate of success.
Anonymous
Wow, the system worked! The malware got noticed, the word was spread rapidly through the industry and the appropriate agencies also also got alerts out.Pretty cool!
Anonymous

Sign Up for Free or Log In to start participating in the conversation!