White House Christmas Card malware

White House Christmas E-Card Spoof Brings Malware, Espionage

They might have preferred a lump of coal: A bunch of federal workers and contractors got a not-so-nice holiday surprise last week. An e-card that went out Dec. 23 purporting to contain Christmas greetings from the White House was actually the vehicle for a two-pronged cyberattack that targeted users’ financial data and sensitive government documents.

One prong was the well-known ZeuS Trojan, which records users’ keystrokes when they log onto a list of financial websites and then sends those credentials to a server. The more-novel – and more threatening to national security – half scours the infected hard drive and uploads all .doc, .pdf and .xls files to a server in Belarus. Thus far, it has collected more than 2 gigabytes of information, according to security blogger Brian Krebs. As with many threats, it also modifies infected computers’ HOSTS files to prevent users from accessing websites with anti-virus information.
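Because the HOSTS-file tampering described above is one of the few host-side traces of this infection an administrator can check without specialised tooling, here is an added detection example (not code from the original post or from any product it mentions). It parses HOSTS-file text and flags any entry that maps a security-vendor domain to loopback, to the unspecified address, or to an arbitrary remote address; the watchlist domains are illustrative and an administrator would supply their own, and the sample file content is constructed for the example.

```python
import ipaddress

# Illustrative watchlist (assumption: an administrator maintains the real one).
# A clean HOSTS file has no reason to carry entries for these names at all.
SECURITY_DOMAINS = {
    "symantec.com", "mcafee.com", "kaspersky.com", "avast.com",
    "sophos.com", "trendmicro.com", "windowsupdate.com",
}

# Constructed sample: two legitimate loopback lines followed by the kind of
# entries malware adds to keep a victim away from anti-virus sites.
SAMPLE_HOSTS = """\
# default entries
127.0.0.1       localhost
::1             localhost
# lines below are constructed to illustrate tampering
127.0.0.1 www.symantec.com
127.0.0.1 liveupdate.symantec.com
0.0.0.0 update.mcafee.com   # sinkholed with the unspecified address
198.51.100.7 www.kaspersky.com
"""


def parse_hosts(text):
    """Yield (line_number, address, [hostnames]) for each non-comment line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:                     # address with no hostname
            continue
        entries.append((lineno, parts[0], parts[1:]))
    return entries


def _on_watchlist(name):
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)


def find_suspicious_entries(text):
    """Return a finding dict for every HOSTS entry that hijacks a watchlisted name."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            # A HOSTS line whose address does not parse is itself worth a look.
            findings.append({"line": lineno, "ip": ip, "name": " ".join(names),
                             "reason": "unparseable"})
            continue
        for name in names:
            if not _on_watchlist(name):
                continue
            # Loopback/unspecified silently kills the site; anything else hands
            # the vendor's traffic to whoever owns that address.
            reason = "sinkholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
            findings.append({"line": lineno, "ip": ip, "name": name, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_entries(SAMPLE_HOSTS):
        print("line %(line)d: %(name)s -> %(ip)s (%(reason)s)" % f)
```

On a real Windows host the text would come from `%SystemRoot%\System32\drivers\etc\hosts`; the same parser works for `/etc/hosts`. The check is deliberately narrow: it does not try to recognise every possible malicious line, only the specific trick the post describes, so a single hit is a strong signal rather than noise.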

The collected information could be quite sensitive; Krebs hypothesized, based on document cache, that infected users included an employee at the National Science Foundation’s Office of Cyber Infrastructure; an intelligence analyst from Massachusetts State Police, whose computer uploaded documents that appear to be records of court-ordered cell phone intercepts; and an employee at the Financial Action Task Force, an agency that supports policies to prevent money laundering and terrorism financing.

Situations like this present quite a quandary for IT managers. While tech-savvy users would have sniffed out something suspicious about the source of the faux card (iphonedevelopersdk.com), the average user likely would not have thought twice about clicking “save file.” To the average federal worker who didn’t grow up navigating Windows directories, opening the file wouldn’t have violated any rules: The sender was known (who doesn’t know the president?), and it makes sense that he would want to wish those serving his government a happy yuletide.

And so IT managers are left with the unhappy tension between shepherding these less-experienced users away from malware attacks while still allowing people to download often-critical materials from the Internet and their mail servers without an undue amount of hassle. And when you throw in techies frustrated that they can’t download the browser of their choice, the headache just gets bigger.

The best attempt at resolving this tension I’ve seen so far is a piece of freeware called “Trust-No-Exe,” which prevents users from downloading any type of executable file, including .exe, .com, .scr and .zip files, without direct authorization from an IT manager. Such a measure would likely have prevented these attacks. The problem is, malware can lurk in PDFs and Flash videos, too, and both of these are everyday necessities for carrying out business. So what do you do? How do you keep your company’s machines safe while still allowing business to go on?
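The tension the post describes, blocking executables outright while still letting documents through, is easier to reason about with a concrete gating policy in front of you. The following is an added example written for this page, not Trust-No-Exe's code or any product's: it classifies a downloaded file as `block`, `scan` or `allow` by looking at content rather than only at the filename, so a renamed executable does not slip through as a "PDF", and it opens archives instead of blanket-blocking .zip so a legitimate zipped spreadsheet can still reach the user once it has been scanned. The extension lists, size and nesting limits, and the sample files in the test are all constructed assumptions for the example.

```python
import io
import zipfile

# Assumed policy lists; a real deployment would tune these.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif",
                      ".vbs", ".js", ".msi", ".dll"}
# Formats the post calls business necessities that still carry exploits:
# never released directly, always handed to content scanning first.
SCAN_ONLY_EXTENSIONS = {".pdf", ".swf", ".doc", ".xls", ".docx", ".xlsx"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # refuse to inflate anything larger
MAX_ARCHIVE_DEPTH = 3                 # refuse zip-in-zip-in-zip chains


def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def _looks_like_pe(data):
    # Windows executables (.exe/.dll/.scr/...) start with the MZ signature
    # whatever the file is called.
    return data[:2] == b"MZ"


def classify(name, data, depth=0):
    """Return (verdict, reason); verdict is 'block', 'scan' or 'allow'."""
    ext = _ext(name)
    if _looks_like_pe(data):
        return "block", "PE signature regardless of name"
    if ext in BLOCKED_EXTENSIONS:
        return "block", "executable extension"
    if data[:2] == b"PK" or ext == ".zip":
        return _classify_archive(data, depth)
    if ext in SCAN_ONLY_EXTENSIONS:
        return "scan", "document format; release only after content scanning"
    return "allow", "no executable indicators"


def _classify_archive(data, depth):
    if depth >= MAX_ARCHIVE_DEPTH:
        return "block", "archive nesting deeper than %d" % MAX_ARCHIVE_DEPTH
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "block", "unreadable archive"
    worst = ("allow", "archive contains no executable indicators")
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                return "block", "oversized member %s" % info.filename
            try:
                member = zf.read(info)
            except RuntimeError:            # raised for password-protected members
                return "block", "encrypted member %s cannot be inspected" % info.filename
            verdict, why = classify(info.filename, member, depth + 1)
            if verdict == "block":
                return "block", "member %s: %s" % (info.filename, why)
            if verdict == "scan":
                worst = ("scan", "member %s: %s" % (info.filename, why))
    return worst


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used to construct test inputs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, member_data in members.items():
            zf.writestr(member_name, member_data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a disguised executable and a zipped document.
    print(classify("card.pdf", b"MZ\x90\x00"))
    print(classify("card.zip", make_zip({"memo.doc": b"\xd0\xcf\x11\xe0"})))
```

The point of the `scan` verdict is that it gives the IT manager a third answer besides "yes" and "no": the PDF the post worries about is neither blocked nor trusted, it is queued for whatever anti-malware inspection the organisation has, which is the only way to keep both halves of the post's dilemma.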

Posted by Laura Williams on Jan 05, 2011
