Our Latest Discovery

Sep 2 2009   2:10PM GMT

Pen testing through the mail — attack not real but the malware is

Ivy Wigmore

Someone’s been mailing letters purporting to be from the National Credit Union Administration to credit unions throughout the U.S. The letters ask the recipients to view training material on enclosed CDs. Not too surprisingly, the unexpected letters turned out to be fake and the CDs loaded with malware. The surprising part, though, is that the attack was fake, too.

Dennis Fisher reports:

“The malware-infected CDs that were mailed to some credit unions may have been part of a penetration test designed to gauge whether an employee would run the software. The SANS Internet Storm Center says it was notified by a representative from Microsolved that the mailing was part of an authorized pen test.”

As far as I can work it out, the letters were fake. Maybe double-fake, since they were from penetration testers pretending to be attackers pretending to be NCUA officials warning about attacks… or is that triple-fake? But nevertheless, the malware was real. The NCUA has issued a warning that playing the CDs could lead to a security breach or have other adverse consequences.

~ Ivy Wigmore
