Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers (Or Pen-Testers) Hit Credit Unions With Malware On CD

Posted by timothy on from the please-avoid-mine dept.

redsoxh8r writes "Online criminals have taken to a decidedly low-tech method for distributing the latest batch of targeted malware: mailing infected CDs to credit unions. The discs have been showing up at credit unions around the country recently, a throwback to the days when viruses and Trojans were distributed via floppy disk. The scam is elegant in its simplicity. The potential thieves are mailing letters that purport to come from the National Credit Union Administration, the federal agency that charters and insures credit unions, and including two CDs in the package. The letter is a fake fraud alert from the NCUA, instructing recipients to review the training materials contained on the discs. However, the CDs are loaded with malware rather than training programs." According to the linked article, the infected CDs were (or at least may have been) part of a penetration test, rather than an actual attack.

12 of 205 comments (clear)

  1. Training by sexconker · · Score: 4, Funny

    Did the penetration testing "training" CDs at least provide a helpful "Lesson Number 1: Never do what you just did." video?

    1. Re:Training by svtdragon · · Score: 2, Funny

      Really, I think this is just a massive cover-up for what happened when they found a copy of "Penetration Training 14" on the CEO's desk, and a bottle of hand lotion in the drawer.

  2. Re:I actually saw one of these.... by CannonballHead · · Score: 5, Funny

    Mail fraud, financial fraud, computer fraud and forgery. What have I missed?

    We're on Slashdot. At least insult them properly: they probably use Windows.

  3. Re:I actually saw one of these.... by shentino · · Score: 5, Funny

    Actually, mimicking government incompetence is a necessary step to enhancing its value as a forgery.

  4. Re:I actually saw one of these.... by Mozk · · Score: 5, Funny

    I just bought a bunch of 10 month CDs from my credit union

    Doesn't AOL give out 10-month CDs for free?

    --
    No existe.
  5. Re:Another scam by Kozz · · Score: 5, Funny

    Yep, trivial.

    Years back (about 1995 or so) I configured my MTA to provide "president@whitehouse.gov" as the "From" address when I sent an obvious prank to a co-worker. He replied (!) cussing me out and joking, "I'm going to kill you". You can imagine he quickly realized what he'd done and sent another email explaining himself. Who knows if he managed to get himself on an FBI watchlist or not. ;)

    --
    I only post comments when someone on the internet is wrong.
  6. Re:Wait, I've heard this one before. by John+Hasler · · Score: 3, Funny

    > Credit unions make great financial sense but only the largest ones have the
    > kind of IT and security resources most of us associate with a bank.

    Considering what the banks accomplish with those resources, I'll take the credit unions.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  7. Pen testers by Anonymous Coward · · Score: 2, Funny

    I'm in favor of it; I think that banks really need pen testers.

    Their pens usually are broken off of those little chain things, and when you do find one that's still attached, it doesn't write.

  8. Re:Another scam by nihongomanabu · · Score: 2, Funny

    A friend of mine in university got in a bit of trouble when he spoofed the reply address in a joke email. The IT dept wasn't happy they had to explain to a student that they didn't really get an email from god@heaven.com.

  9. Re:Mailing is to customers by Anonymous Coward · · Score: 2, Funny

    This bout of reasonable discourse brought to you by: Slashdot

    Shoes for Turds, Stuff that Splatters.

  10. Re:Windows Autorun by LeperPuppet · · Score: 3, Funny

    While we're making it simple, why don't we just open up all the keyboards on site and solder the shift key connectors permanently closed? No autorun all the time and anyone who doesn't know about holding down the shift key won't have to learn. It's a perfect solution.

  11. Re:Where are the jokes? by MadKeithV · · Score: 2, Funny

    No-one on slashdot has the necessary experience to make penetration jokes.