Malicious CD ROMs mailed to banks

Published: 2009-08-26
Last Updated: 2009-08-27 18:45:23 UTC
by Johannes Ullrich (Version: 2)
3 comment(s)

Update: We go an email and phone call from Brent Huston with Microsolved. This mailing was part of an authorized pen test. Nothing to worry about (right now), but the best practices to deal with such issues still apply.


The National Credit Union Administration (NCUA) published an interesting advisory here:

Member credit unions evidently are reporting receiving letters which include two CDs. The letters claim to originate form the NCUA and advertises the CDs as training materials. However, it appears that the letter is a fake and the CDs include malware.

We have not heard about this scheme affecting any other targets, but please let us know if you see something like this. Malware delivery via USPS has certainly been suggested before.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: CDRom malware NCUA USPS
3 comment(s)


There must have been a contest to see how many federal laws you can break at once
These are unsophisticated, but very effective. There are still so many businesses that don't lock down their workstations. I did something similar recently for a penetration test with a high rate of success.
Wow, the system worked! The malware got noticed, the word was spread rapidly through the industry and the appropriate agencies also also got alerts out.Pretty cool!

Diary Archives