‘US governments receive CD-ROMs with malicious doc files’

Spread the love

According to investigative journalist Brian Krebs, several US government agencies, such as municipalities and state governments, have received CDs containing malicious doc files containing Chinese texts.

Krebs bases his information on an internal warning from a security organization for US governments. According to that warning, these are envelopes that apparently come from China and contain, next to a CD-ROM, an English letter with ‘confusing formulations’. Several US governments reportedly reported receiving the letters. It is unclear whether anyone actually put the CDs into a computer.

An analysis by the security organization, the Multi-State Information Sharing and Analysis Center, shows that the CDs contain doc files with Chinese texts. Those files in turn contain malicious Visual Basic scripts. Krebs notes that there are several ways to make this “mail phishing campaign” more convincing, for example by using USB drives and better written letters. The origin of the letters does not emerge from the reporting.

Image via KrebsOnSecurity

You might also like
Exit mobile version