Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday July 31 2018, @01:22PM   Printer-friendly
from the old-but-tested dept.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Here's a timely reminder that email isn't the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert shared with state and local government agencies by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a "confusingly worded typed letter with occasional Chinese characters."

Please insert in election computer.

Also at TechCrunch and Engadget.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by DannyB on Tuesday July 31 2018, @04:42PM (3 children)

    by DannyB (5839) Subscriber Badge on Tuesday July 31 2018, @04:42PM (#715272) Journal

    I was thinking about that. But got distracted.

    I wonder how many of these CDs have malware specifically targeted at voting systems?

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by takyon on Tuesday July 31 2018, @04:57PM (2 children)

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday July 31 2018, @04:57PM (#715277) Journal

    Might not be for anything specific. If you can infect one agency, you could use the info gained to do convincing phishing attacks on other targets.

    However, we don't know that these discs were sent by the government or govt-backed groups. It could just be a lackluster attempt by criminals (who couldn't be arsed to type up a proper-looking letter or obfuscate the country of origin).

    Damn, where can one get paid to copyedit Engrish for cybercriminals?

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 2) by DannyB on Tuesday July 31 2018, @05:10PM

      by DannyB (5839) Subscriber Badge on Tuesday July 31 2018, @05:10PM (#715285) Journal

      Use a sophisticated approach. First, like Stuxnet, spread, but deactivate the payload if the host computer is not the type of equipment you're looking for.

      Eventually a replicated copy might make it onto an interesting computer. Then the "payload" actually turns out to be only a "scout". Scan the system further, be sure it really is what you want. That it doesn't have defenses that will give the really good tricks away. If everything seems okay, then phone home and get the real payload -- now that the scout is sure there aren't any hardware debuggers, etc.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 2) by realDonaldTrump on Tuesday July 31 2018, @07:27PM

      by realDonaldTrump (6614) on Tuesday July 31 2018, @07:27PM (#715348) Homepage Journal

      China, very tough competitor. Very smart cookies. 22 million accounts were hacked in this country by China. Obama's Office of Personal Management, his OPM. That one was a biggie. Obama didn't want to say China, I'm saying China. It was China, folks. Big hacking job out of China.