updated 3/14/2011 2:14:10 PM ET

A malware-infected e-card purporting to be from the White House stole sensitive information this holiday season from dozens of people, including several government employees and cybersecurity professionals.

The corrupted e-card bearing the title “Merry Christmas from the White House” was sent on Dec. 23, reported Brian Krebs of the blog Krebs on Security, and contained this message: “As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.”

Below the message were two links, followed by the address for the White House, giving the scam a supposed seal of approval.

The scam, Krebs said, appears to be the latest strike from the ZeuS malware gang, an international cybercriminal network that in the past year used the ZeuS Trojan, designed to siphon bank account numbers from PCs, to steal nearly $9.5 million.

Recipients of the fake e-card who downloaded the links were “infected with a ZeuS Trojan variant that steals passwords and documents and uploads them to a server in Belarus,” Krebs said.

Krebs identified several victims of the scam, including an employee at the National Science Foundation’s Office of Cyber Infrastructure, an intelligence analyst with the Massachusetts State Police, a Financial Action Task Force employee, an official with the Moroccan government’s Ministry of Industry, Commerce and New Technologies, and a Millennium Challenge Corporation employee.

The scam was also analyzed by Alex Cox, principal research analyst with the security firm NetWitness. Cox said that the corrupt White House e-cards are similar to another ZeuS botnet scam, named the “Hilary Kneber” scam for the e-mail address of its sender.

Cox believes the criminals behind this malware campaign are after sensitive U.S. government documents.

“This evidence shows the continuing convergence of cybercrime and cyberespionage activities, and how they occasionally mirror or play off one another,” Cox wrote. “The question again, which we posed in our initial Kneber document, is: ‘Who is the end consumer of this information?’”


© 2012 SecurityNewsDaily. All rights reserved

