Malicious CD ROMs mailed to banks
Update: We go an email and phone call from Brent Huston with Microsolved. This mailing was part of an authorized pen test. Nothing to worry about (right now), but the best practices to deal with such issues still apply.
-----
The National Credit Union Administration (NCUA) published an interesting advisory here:
http://www.ncua.gov/news/press_releases/2009/MR09-0825a.htm
Member credit unions evidently are reporting receiving letters which include two CDs. The letters claim to originate form the NCUA and advertises the CDs as training materials. However, it appears that the letter is a fake and the CDs include malware.
We have not heard about this scheme affecting any other targets, but please let us know if you see something like this. Malware delivery via USPS has certainly been suggested before.
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
BradC
Aug 27th 2009
1 decade ago
BillR
Aug 27th 2009
1 decade ago
RJ
Aug 27th 2009
1 decade ago