Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: White house greeting cards - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
White house greeting cards

We've had some reports of some targeted emails from "The White House". 

Emails typically look as follows: 

As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.

Greeting card:

http://yyyyyyyyyy.com/
card/
http://xxxxxxxxxx.com/card/

Merry Christmas!
______________________________
_____________
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500

The email links to an exe file which in turn downloads what looks like a key logger, typically associated with ZBOT.  currently these are barely detected, but that should improve. 

If you receive some of these I'd be interested in the URL as well as the headers of the message. 

Cheers

Mark 

Mark

391 Posts
ISC Handler
To all commenters, please do not post links to potentially malicious sites in the comments. To submit headers and URLS please use the contact form instead.
Anonymous

ISC Handler

Sign Up for Free or Log In to start participating in the conversation!