Malware in fake White House e-card steals data

Official-looking holiday e-greeting downloads Zeus malware, and secretly downloads PDFs and Microsoft Word and Excel documents to a server in Belarus.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Jan. 5, 2011 1:13 p.m. PT

2 min read

An e-mail sent to an unknown number of government employees and contractors two days before Christmas appeared to be a holiday greeting from the White House but instead hid malware that stole data.

The innocent-looking holiday e-greeting prompted recipients to click to view the card, but when the file was opened, malware known as "Zeus" was downloaded to the computer, according to reports. Zeus is known as a banking Trojan horse designed to steal passwords and online credentials, mostly for financial fraud.

The Department of Homeland Security is "aware of and monitoring the situation," spokeswoman Amy Kudwa told CNET today.

In this attack, PDFs, as well as Microsoft Word and Excel documents, were stolen and surreptitiously uploaded to a server in Belarus, according to the Krebs on Security blog, which reported the attack earlier this week.

More than 2 gigabytes of data were stolen from dozens of victims, who included workers at the National Science Foundation's Office of Cyber Infrastructure, the Financial Action Task Force, the Massachusetts State Police, and the Moroccan government's Ministry of Industry, Commerce and New Technologies, the blog reported.

It's unclear who is behind the attack and exactly what the motivation was, said Alex Cox, principal research analyst at NetWitness. Documents from .gov, .mil, and government contractor computers would be appealing to many in the underground, but the latest attack could have been just an intelligence-gathering mission to improve the chances of success in a future attack, he said.

A similar attack using the same Zeus malware and social engineering happened about a year ago targeting a broader group of Fortune 500 companies and U.S. and foreig government agencies, according to Cox.

"As we found in our Q3 malware research report, government organizations are being increasingly targeted by Web malware attacks," Neil Daswani, chief technology officer at anti-malware services provider Dasient, told CNET. "In the Whitehouse.gov e-card incidents, we also saw significant, continued use of social engineering, and it just shows that no one is immune--even employees with top-secret clearance and those who work on cybersecurity fell for the attack."

Updated at 2:15 p.m. PDT with DHS and NetWitness comment.