backtop


Print 2 comment(s) - last by .. on Sep 1 at 8:40 AM

Attack is reportedly the work of a security firm, testing defenses of American financial institutions

Over the past few weeks, many small banks and credit unions across the country began to receive packages purporting to be from the National Credit Union Administration, an organization that oversees many of America's small financial institutions.  The letter warned the readers to beware of phishing attacks and to peruse two included CDs of training material.

If you haven't guessed it by now, the two CDs were actually packed full of malware, and the letter wasn't really from the NCUA.  Reportedly (according to the SANS Internet Storm Center) the packages were sent from Microsolved as part of an authorized security test.

Nonetheless, the NCUA has responded, issuing a warning.  The NCUA states, "A federally insured credit union has reported receiving a bogus Letter to Credit Unions, accompanied by two compact discs (CDs). The subject of the fraudulent letter itself is a purported NCUA FRAUD Alert. The letter advises credit unions to review training material (contained on the CDs). DOING SO COULD RESULT IN A POSSIBLE SECURITY BREACH TO YOUR COMPUTER SYSTEM, OR HAVE OTHER ADVERSE CONSEQUENCES."

The letter which comes in the packages bears many hallmarks of a phishing scheme including typos and grammatical errors.  An excerpt from it:

The NCUA has warned numerous times 1 about "phishing" scams in which crooks send e-mails claiming to be from legitimate financial institutions, companies or government agencies asking consumers to "re-submit" or "verify" confidential information such as bank accounts, Social Security Numbers, passwords, and personal identification numbers...
Please read the included document, as it contains important training and informational material regarding the risks of fraud...

While it appears the campaign may only be a test, it demonstrates an attack route that has not been executed in some time, though much talked about.  Given the lack of good reasoning that many users seem to have when it comes to security, the attack may experience great success.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

What's the malware it installs?
By Spacecomber on 8/31/2009 10:01:10 AM , Rating: 5
Does it create a screensaver that announces, "You are a dumbass. Report to Human Resources."




By on 9/1/2009 8:40:41 AM , Rating: 1
http://www.crispstyle.com

bikini$25

(air jordan, air max, shox tn, rift, puma, dunk sb, adidas)

nike jordan shoes 1-24 $32

lv, coach, chane bag $35

COOGI(jeans, tshirts, hoody, jacket) $30

christian audigier(jeans, tshirts, hoody) $13

edhardy(shoes, tshirts, jeans, caps, watche, handbag) $25

Armani(jeans, tshirts,) $24

AF(jeans, coat, hoody, sweater, tshirts)Abercrombie & Fitch $31

http://www.crispstyle.com




"So if you want to save the planet, feel free to drive your Hummer. Just avoid the drive thru line at McDonalds." -- Michael Asher

















botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki