This Month in Spear Phishing, or: Run these .EXE on Windows!

The Black Flag Cafe is the place travelers come to share stories and advice. Moderated by Robert Young Pelton, the author of The World's Most Dangerous Places.


Post by thewalrus » Thu Mar 11, 2010 9:17 pm

I'll refrain from posting the full header... These all landed in my inbox recently. Three guesses what the zip files contain and the first two don't count. Kurt, do you get many of these?


> From: jeffreyc@nsa.gov
> Date: February 11, 2010 9:39:15 AM GMT+05:00
> To: MYWORKMOBILEEMAILADDRESS
> Subject: RE: Zeus Attack Spoofs NSA, Targets .gov and .mil
>
> Zeus Attack Spoofs NSA, Targets .gov and .mil
>
> Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack.
>
> According one state government security expert who received multiple copies of the message, the e-mail campaign — apparently designed to steal passwords from infected systems — was sent exclusively to government (.gov) and military (.mil) e-mail addresses.
>
> The messages are spoofed so that they appear to have been sent by the National Intelligence Council (address used was nic@nsa.gov), which serves as the center for midterm and long-range strategic thinking for the U.S. intelligence community and reports to the office of the Director of National Intelligence.
>
> Security Update for Windows 2000/XP/Vista/7 (KB823988)
>
> About this download: A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
>
> Download:
>
> http://mv.net.md/update/update.zip
>
> or
>
> http://www.sendspace.com/file/7jmxtq


> From: ecu@nsa.gov
> Date: December 9, 2009 4:33:51 PM GMT+05:00
> To: MYWORKMOBILEEMAILADDRESS
> Subject: CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS
>
> AFRL-RI-RS-TR-2009-136
> Final Technical Report
> December 2009
>
> CYBER-PMESII COMMANDER’S ANALYSIS OF FORECAST EFFECTS (CYBERCAFE)
>
> INFORMATION SUBJECT TO EXPORT CONTROL LAWS
>
> WARNING - This document contains technical data whose export is restricted by the Arms Export
> Control Act (Title 22, U.S.C., Sec 2751 et seq.) or the Export Administration Act of 1979, as amended
> (Title 50, U.S.C. App. 2401, et seq.). Violations of these export laws are subject to severe criminal
> penalties. Disseminate IAW DoDD 5230.25.
>
> DESTRUCTION NOTICE - For classified documents, follow the procedures in DOD 5220.22-M, National
> Industrial Security Manual (NISPOM), section 5-705 or DOD 5200.1-R, Information Security Program,
> Chapter VI. For unclassified limited documents, destroy by any method that will prevent disclosure of
> contents or reconstruction of the document.
>
> Export of the attached information (which includes, in some circumstances, release to
> foreign nationals within the United States) without first obtaining approval or license from
> the Department of State for items controlled by the International Traffic in Arms
> Regulation (ITAR), or the Department of Commerce for items controlled by the Export
> Administration Regulation (EAR), may constitute a violation of law.
>
> Download:
> http://www.zeropaid.com/bbs/includes/CYBERCAFE.zip
>
> or
>
> http://rapidshare.com/files/318309046/C ... E.zip.html
> http://www.sendspace.com/file/fmbt01


> From: uctd@nsa.gov
> Date: December 14, 2009 1:56:24 PM GMT+05:00
> To: MYWORKMOBILEEMAILADDRESS
> Subject: Information Systems Security Reminder
>
> Information Systems Security Reminder
>
> -- Users are reminded to be aware and vigilant when using government information services both inside and outside protected environments.
>
> -- Be aware of your surroundings when accessing these services remotely, and prefer trusted workstations. Evaluate the security risks inherent with use of public workstations, including "shoulder surfing" by nearby persons.
>
> -- When communicating via email, know with whom you are communicating. Common adversary techniques include social engineering, email phishing, and evocative attachments. Government system capabilities may only be discussed with authorized personnel.
>
> -- If you make an error (e.g., data spill), report it so that the problem can be addressed. Report any anomalies you observe to your security office or service desk.
>
> Security Software:
>
> http://hkcaregroup.com/modlogan/MILSOFT.zip
>
> or
>
> http://rapidshare.com/files/320369638/MILSOFT.zip.html
> http://fcpra.org/downloads/MILSOFT.zip

> From: cttd@fbi.gov
> Date: February 21, 2010 7:37:16 AM GMT+05:00
> To: MYWORKMOBILEEMAILADDRESS
> Subject: INTELLIGENCE BULLETIN
>
> FEDERAL BUREAU OF INVESTIGATION
> INTELLIGENCE BULLETIN
>
> February 2010
>
> Weapons of Mass Destruction Directorate
>
> Indicators for Terrorist Use of Toxic Industrial Chemicals
>
> THIS INTELLIGENCE BULLETIN PROVIDES LAW ENFORCEMENT AND OTHER
> PUBLIC SAFETY OFFICIALS WITH SITUATIONAL AWARENESS CONCERNING
> INTERNATIONAL AND DOMESTIC TERRORIST TACTICS.
>
> UNCLASSIFIED//FOR OFFICIAL USE ONLY
>
> Download:
>
> http://timingsolution.com/Doc/BULLETIN.zip
>
> or
>
> http://www.sendspace.com/file/goz3yd


> From: hsi@dhs.gov
> Date: March 11, 2010 11:38:56 PM GMT+05:00
> To: MYWORKMOBILEEMAILADDRESS
> Subject: U.S. Department of Homeland Security
>
> Department of Homeland Security
> INTELLIGENCE BULLETIN
> UNCLASSIFIED
>
> 11 March 2010
>
> Yesterday the Department of Homeland Security has received the prevention from NASA's Jet Propulsion Laboratory about the occurred shift of Earth’s figure axis:
> ________
>
> The recent Chilean earthquake shifted the axis by approximately three inches and shortened the length of a day by 1.26 microseconds. According to NASA’s Jet Propulsion Laboratory the displacement of Earth’s axis will cause natural disasters on the Eastern coast of the USA including Florida, Georgia, South and North Carolina.
> ________
>
> In this connection the DHS has made a decision to prepare for general evacuation from the specified area. The population of the region should be ready for evacuation. It is necessary collect valuable possessions, documents, things of first necessity, and wait for the announcement.
>
> In order to prevent panic among the population DHS asks to stay calm and follow the official instructions listed below:
>
> http://dhsorg.org/docs/instructions.zip
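An added triage example, not part of the original post: every message quoted above claims a .gov sender while its download links point at unrelated hosts or public file-sharing sites, and this sketch flags that mismatch. The function names, the extension list, and the `agency.example.gov` contrast message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

GOV_SUFFIXES = (".gov", ".mil")
ARCHIVE_EXT = (".zip", ".rar", ".exe", ".scr")       # assumed extension list
FILE_SHARING = {"sendspace.com", "rapidshare.com"}   # hosts seen in the post
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed samples: headers and links copied from two quoted messages,
# bodies shortened. BENIGN is invented for contrast.
NSA_LURE = ("From: jeffreyc@nsa.gov\n"
            "Subject: RE: Zeus Attack Spoofs NSA, Targets .gov and .mil\n\n"
            "Download:\nhttp://mv.net.md/update/update.zip\nor\n"
            "http://www.sendspace.com/file/7jmxtq\n")
DHS_LURE = ("From: hsi@dhs.gov\n"
            "Subject: U.S. Department of Homeland Security\n\n"
            "http://dhsorg.org/docs/instructions.zip\n")
BENIGN = ("From: alerts@agency.example.gov\nSubject: Advisory\n\n"
          "See https://www.agency.example.gov/advisory.zip\n")

def host_of(url):
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def triage(raw):
    """Return reasons a message resembles the lures quoted in the post."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not sender.endswith(GOV_SUFFIXES):
        return []                      # only government-claimed senders are in scope
    reasons = []
    for url in URL_RE.findall(msg.get_payload()):
        host = host_of(url)
        if host.endswith(GOV_SUFFIXES):
            continue                   # link stays on a government host
        if host in FILE_SHARING:
            reasons.append(f"{sender} sender links to file-sharing host {host}")
        elif urlparse(url).path.lower().endswith(ARCHIVE_EXT):
            reasons.append(f"{sender} sender links to archive on {host}")
    return reasons

if __name__ == "__main__":
    for name, raw in [("nsa", NSA_LURE), ("dhs", DHS_LURE), ("benign", BENIGN)]:
        print(name, triage(raw))
```

The check reads only the visible From header and body, so it complements SPF, DKIM and DMARC verification at the mail gateway and does not replace it.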
