IE 11 is not supported. For an optimal experience visit our site on another browser.

Security Experts Duped by Fake White House E-Cards

This version of Wbna40913464 - Breaking News | NBC News Clone was adapted by NBC News Clone to help readers digest key facts more efficiently.

A malware-infected e-card purporting to be from the White House stole sensitive information this holiday season from dozens of people, including several government employees and cybersecurity professionals.
/ Source: SecurityNewsDaily
By Matt Liebowitz

A malware-infected e-card purporting to be from the White House stole sensitive information this holiday season from dozens of people, including several government employees and cybersecurity professionals.

The corrupted e-card bearing the title “Merry Christmas from the White House" was sent on Dec. 23, reported Brian Krebs of the blog Krebs on Security, and contained this message: “As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we’re profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.”

Below the message were two links, followed by the address for the White House, giving the scam a supposed seal of approval.

The scam, Krebs said, appears to be the latest strike from the ZeuS malware gang, an international cybercriminal network that in the past year used the ZeuS Trojan – designed to siphon bank account numbers from PCs -- to steal nearly $9.5 million.

Recipients of the fake e-card who downloaded the links were “infected with a ZeuS Trojan variant that steals passwords and documents and uploads them to a server in Belarus,” Krebs said.

Krebs identified several victims of scam, including an employee at the National Science Foundation’s Office of Cyber Infrastructure, an intelligence analyst with the Massachusetts State Police, a Financial Action Task Force employee, an official with the Moroccan government’s Ministry of Industry, Commerce and New Technologies, and a Millennium Challenge Corporation employee.

The scam was also analyzed by Alex Cox, principal research analyst with the security firm NetWitness. Cox said that the corrupt White House e-cards are similar to another ZeuS botnet scam, named the “Hilary Kneber” scam for the e-mail address of its sender.

Cox believes the criminals behind this malware campaign are after sensitive U.S. government documents.

“This evidence shows the continuing convergence of cybercrime and cyberespionage activities, and how they occasionally mirror or play off one another,” Cox wrote. “The question again, which we posed in our initial Kneber document, is: “Who is the end consumer of this information?”

Want more summaries like this? Follow NBC News Clone for expertly filtered news from trusted sources.

×
AdBlock Detected!
Please disable it to support our content.

Related Articles

Donald Trump Presidency Updates - Politics and Government | NBC News Clone | Inflation Rates 2025 Analysis - Business and Economy | NBC News Clone | Latest Vaccine Developments - Health and Medicine | NBC News Clone | Ukraine Russia Conflict Updates - World News | NBC News Clone | Openai Chatgpt News - Technology and Innovation | NBC News Clone | 2024 Paris Games Highlights - Sports and Recreation | NBC News Clone | Extreme Weather Events - Weather and Climate | NBC News Clone | Hollywood Updates - Entertainment and Celebrity | NBC News Clone | Government Transparency - Investigations and Analysis | NBC News Clone | Community Stories - Local News and Communities | NBC News Clone