Hackers (Or Pen-Testers) Hit Credit Unions With Malware On CD

redsoxh8r writes "Online criminals have taken to a decidedly low-tech method for distributing the latest batch of targeted malware: mailing infected CDs to credit unions. The discs have been showing up at credit unions around the country recently, a throwback to the days when viruses and Trojans were distributed via floppy disk. The scam is elegant in its simplicity. The potential thieves are mailing letters that purport to come from the National Credit Union Administration, the federal agency that charters and insures credit unions, and including two CDs in the package. The letter is a fake fraud alert from the NCUA, instructing recipients to review the training materials contained on the discs. However, the CDs are loaded with malware rather than training programs." According to the linked article, the infected CDs were (or at least may have been) part of a penetration test, rather than an actual attack.

Re:I actually saw one of these....

[rtechie]

It's not a "debt institution". They loan money at extremely competitive rates and have no direct profit incentive...

They are a "debt institution" because they loan money at interest (usury). Their non-profit status is not relevant.

To argue that they have "no profit incentive" is highly misleading. Like most nonprofits and charities most credit unions have EXTREMELY well-compensated executives whose compensation is based on how much money the credit union makes. So the employees (not the members per se) have a profit incentive. I'd also point out that in most nonprofits executive nepotism is rampant (it's not uncommon for ALL of a nonprofit's executives to be related somehow).