Wednesday, January 5, 2011

The "e" in e-card for cybercreeps means "easy" to get past security

My family and friends know by now that I NEVER open e-cards without calling or emailing them first to ask them 50 questions about the card before I even consider opening it.  That might explain the decline in e-cards in my in basket?

Until now, most of my friends and family put up with it because they love me and they all know that like the kid in "6th sense" who "sees dead people", when I look at most anything I "see cyberbadpeople".

So, when I read that bogus White House Christmas e-cards were sent out to people, I absolutely cringed.  I knew, before I read the article, that people probably opened them.

According to articles I read, the e-card contained the infamous Zeus malware.

One article mentions that one of the servers used to deliver the e-cards from "the White House" was in Belarus.  It is believed that the hackers stole several gigabytes worth of data.

From the site KrebsOnSecurity, he posted the actual message sent to recipients:

“As you and your families gather to celebrate the holidays, we wanted to take
a moment to send you our greetings. Be sure that we’re profoundly grateful
for your dedication to duty and wish you inspiration and success in
fulfillment of our core mission."

The card included links with a picture of a decorated Christmas tree with a file named "".

The Zeus variant appears to have stolen passwords and used those to steal Word and Excel documents.


"White House E-Card Spoof Steals Data", Brian Kalish,, January 4, 2011.

" 'White House' eCard Dupes Dot-Gov Geeks", KrebsonSecurity, January 4, 2011.

No comments:

Post a Comment