Experts: Mass attack on American officials’ PCs from Belarus
It looked like an innocent e-mail Christmas card from the White House – a red card with a decorated Christmas tree. However, it was a programme meant for stealing documents from the PCs of American law enforcement, military and government workers. When people interested in the greeting card clicked on it they copied the ZueS malware on their PCs. The code is often used to steal passwords and other online credentials, primarily to poach Internet banking information. But that was not all it did. It could steal documents from the recipient's computer, accessing Microsoft Word and Excel files, informs The Washington Post referring to the Associated Press.
According to Don Jackson, the director of the SecureWorks computer security consulting company, the attack was somewhat small and targeted to a limited number of groups with law enforcement, military and government affiliations.
E-mails containing the tricky Christmas greetings were sent a day or two before Christmas and were delivered by a control server in Belarus, adds Alex Cox, principle research analyst for NetWitness, a cybersecurity firm.
The two experts would not disclose details on who was attacked or what documents may have been compromised. But they believe the rpogramme was created by the same people who launched a much larger attack in February 2010.
The experts also agreed that the hackers probably were after the documents, rather than any banking or financial passwords. According to one of the versions, the hackers were looking for information about law enforcement cases and investigative techniques related to cybercrime so that they could sell it to cyber criminals.
The Associated Press reminds that the e-mail attack underscores the continuing vulnerability of government workers and their computer systems to versions of the ZueS malware and its modifications. Its code can be tweaked so that it does not trigger antivirus software.
According to Don Jackson, the director of the SecureWorks computer security consulting company, the attack was somewhat small and targeted to a limited number of groups with law enforcement, military and government affiliations.
E-mails containing the tricky Christmas greetings were sent a day or two before Christmas and were delivered by a control server in Belarus, adds Alex Cox, principle research analyst for NetWitness, a cybersecurity firm.
The two experts would not disclose details on who was attacked or what documents may have been compromised. But they believe the rpogramme was created by the same people who launched a much larger attack in February 2010.
The experts also agreed that the hackers probably were after the documents, rather than any banking or financial passwords. According to one of the versions, the hackers were looking for information about law enforcement cases and investigative techniques related to cybercrime so that they could sell it to cyber criminals.
The Associated Press reminds that the e-mail attack underscores the continuing vulnerability of government workers and their computer systems to versions of the ZueS malware and its modifications. Its code can be tweaked so that it does not trigger antivirus software.